
What is the SolarWinds Attack?

A sophisticated supply chain attack, disclosed in December 2020, in which attackers later attributed to Russia's SVR compromised the build process for SolarWinds' Orion network-monitoring platform. The trojanized, validly signed update was installed by roughly 18,000 organizations, including the US Treasury, Commerce and Homeland Security departments and major corporations; a much smaller subset was then actively exploited.

Also known as: SolarWinds Hack, SUNBURST Attack, Solorigate

The SolarWinds attack demonstrated that you don't need to hack your target directly: you can hack the software they trust. By compromising a single vendor's build pipeline, the attackers obtained a foothold inside the networks of several US federal agencies and large companies, and the update that delivered it carried SolarWinds' legitimate digital signature, so ordinary integrity checks on the download passed.

How It Worked

  1. Attackers gained access to SolarWinds' environment (SolarWinds' own investigation dates the first access to September 2019, with a test modification of Orion code in October 2019)
  2. An implant in the build system (later named SUNSPOT) swapped a source file while Orion was being compiled, so the backdoor ("SUNBURST") was built into an otherwise legitimate DLL (SolarWinds.Orion.Core.BusinessLayer.dll) that was then signed with SolarWinds' own certificate
  3. Roughly 18,000 customers installed the trojanized Orion updates, which SolarWinds released between March and June 2020
  4. After a dormancy period of up to about two weeks, SUNBURST contacted attacker-controlled infrastructure and gave the attackers a backdoor into each organization's network
  5. The attackers pushed second-stage tooling only to a small set of high-value targets and left the rest untouched, which kept their footprint small
  6. FireEye discovered the backdoor in December 2020 while investigating an intrusion into its own network, roughly nine months after the first trojanized update shipped
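To make steps 2 and 4 concrete, here is an added example (not code from the page, from SolarWinds, or from any of the investigations). It models a build host with an implant that replaces one source file only while the compiler runs, signs the result with the vendor's key (an HMAC stands in for code signing), and shows that the customer's signature check passes while an independent rebuild from the same source does not match. The product, file names, file contents and key are all constructed for this example.

```python
"""Build-time tampering vs. an independent rebuild (added example).

A deterministic 'compiler' turns a source tree into an artifact. A
compromised build host swaps one file during compilation and restores
it afterwards, so the vendor signs a trojanized artifact without
noticing. Signature verification passes; comparing the artifact with
an independent build from the same source does not.
"""
from __future__ import annotations

import hashlib
import hmac

# Constructed source tree for a fictional product (placeholder names,
# not SolarWinds file names).
CLEAN_SOURCE = {
    "src/Main.cs": b"class Main { static void Run() { Inventory.Collect(); } }\n",
    "src/Inventory.cs": b"class Inventory { static void Collect() { /* scan hosts */ } }\n",
}

# What the implant swaps in while the compiler is reading sources:
# the same file plus a call that beacons out.
TROJANIZED_FILE = (
    b"class Inventory { static void Collect() { /* scan hosts */ Beacon.CallHome(); } }\n"
)


def compile_tree(tree: dict[str, bytes]) -> bytes:
    """Deterministic stand-in for a compiler: path, length and content of
    every file in sorted order. Determinism is what makes two builds
    comparable byte for byte."""
    out = bytearray()
    for path in sorted(tree):
        content = tree[path]
        out += path.encode() + b"\0" + str(len(content)).encode() + b"\0" + content
    return bytes(out)


def artifact_entries(artifact: bytes) -> dict[str, bytes]:
    """Parse an artifact back into {path: compiled content}."""
    entries: dict[str, bytes] = {}
    pos = 0
    while pos < len(artifact):
        nul1 = artifact.index(b"\0", pos)
        nul2 = artifact.index(b"\0", nul1 + 1)
        path = artifact[pos:nul1].decode()
        length = int(artifact[nul1 + 1:nul2])
        start = nul2 + 1
        entries[path] = artifact[start:start + length]
        pos = start + length
    return entries


def build_clean(tree: dict[str, bytes]) -> bytes:
    return compile_tree(tree)


def build_with_implant(tree: dict[str, bytes], target: str = "src/Inventory.cs",
                       payload: bytes = TROJANIZED_FILE) -> bytes:
    """Compromised build host: version control is untouched, but the bytes
    the compiler sees for `target` are replaced for the duration of the
    build, so hashing the source tree before or after the build reveals nothing."""
    seen_by_compiler = dict(tree)
    seen_by_compiler[target] = payload
    return compile_tree(seen_by_compiler)


def sign(artifact: bytes, key: bytes) -> str:
    """HMAC stands in for the vendor's code-signing step."""
    return hmac.new(key, artifact, hashlib.sha256).hexdigest()


def verify(artifact: bytes, signature: str, key: bytes) -> bool:
    return hmac.compare_digest(sign(artifact, key), signature)


def reproducible_check(vendor_artifact: bytes, independent_artifact: bytes) -> bool:
    """True only if an independent build from the same source is byte-identical."""
    return hashlib.sha256(vendor_artifact).digest() == hashlib.sha256(independent_artifact).digest()


def find_divergence(a: bytes, b: bytes) -> list[str]:
    """Paths whose compiled content differs between two artifacts."""
    ea, eb = artifact_entries(a), artifact_entries(b)
    return sorted(p for p in set(ea) | set(eb) if ea.get(p) != eb.get(p))


def demo() -> dict[str, object]:
    key = b"vendor-signing-key (constructed)"
    vendor_artifact = build_with_implant(CLEAN_SOURCE)   # what the vendor ships
    signature = sign(vendor_artifact, key)               # vendor signs what it built
    independent = build_clean(CLEAN_SOURCE)              # rebuilt elsewhere from VCS
    return {
        "signature_ok": verify(vendor_artifact, signature, key),  # customer check passes
        "reproducible": reproducible_check(vendor_artifact, independent),
        "diverging_files": find_divergence(vendor_artifact, independent),
    }


if __name__ == "__main__":
    print(demo())
```

The comparison only has value if the second build runs on infrastructure the first build host cannot reach; rebuilding on the same compromised host and comparing it with itself proves nothing, and the check also requires the real build to be deterministic in the first place.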

Who Was Compromised

US Government Agencies

  • Department of the Treasury
  • Department of Commerce (NTIA)
  • Department of Homeland Security
  • Department of State
  • Parts of the Pentagon
  • Department of Energy (including nuclear weapons agency NNSA)
  • National Institutes of Health

Private Sector

  • FireEye and Microsoft, which confirmed intrusions, and companies including Intel, Cisco and Deloitte, which were reported to have installed the trojanized update
  • Of the roughly 18,000 organizations that installed the update, about 100 private companies and nine US federal agencies were actively exploited

Why It Was So Dangerous

  • Trusted update channel — The update was signed with SolarWinds' legitimate certificate, so signature checks passed and organizations had no reason to doubt it
  • 9+ months of undetected access — The backdoor stayed dormant for up to two weeks, disguised its traffic as normal Orion communication, and the attackers used separate infrastructure per victim
  • Privileged position — Orion monitors an organization's network and typically holds credentials for the systems it watches, so a foothold on an Orion server is a foothold on the rest of the network
  • Government networks — Multiple US federal agencies, including those handling national security, were exposed
  • Scale — A single compromised vendor reached thousands of organizations at once
  • Attribution — Formally attributed by the US government in April 2021 to Russia's foreign intelligence service, the SVR (APT29/Cozy Bear)

Lessons for Everyone

  1. Supply chain attacks target trust — a valid vendor signature proves who built the software, not that the build was clean; defending the build environment and comparing independent builds are the controls that address this
  2. Zero trust architecture matters — don't assume internal traffic is safe, including traffic from trusted management and monitoring tools; watch what privileged software actually does (for example, unexpected outbound connections from a monitoring server)
  3. Software bills of materials (SBOM) help identify where an affected component is deployed so response is fast, although an SBOM alone would not have flagged SUNBURST in advance, since the malicious code was in the vendor's own component rather than a known-vulnerable dependency
  4. Network segmentation and least privilege limit blast radius when a breach occurs, in particular by restricting what a monitoring server's credentials can reach
  5. Detection lagged — the intrusion went unnoticed across multiple federal agencies and security vendors for months, exposing gaps in monitoring of trusted software
