SolarWinds Supply Chain Attack Compromises 18,000 Organizations Including US Treasury

FireEye

What happened

State-sponsored attackers (later attributed to Russia's SVR) inserted malicious code into SolarWinds' Orion network monitoring platform during the build process. The trojanised update was distributed to 18,000 customers including the US Treasury, State Department, and major corporations.[1]

What went wrong

SolarWinds' build pipeline lacked integrity verification, allowing attackers who had compromised the build environment to insert a backdoor (SUNBURST) that passed code signing. The attackers were patient — staging for months before activating the backdoor to evade detection.[1]

Lesson learned

Software supply chain integrity requires cryptographic build attestation and reproducible builds, not just code signing of the final artifact. Build environments themselves are high-value attack targets and must be hardened accordingly.
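As an added illustration (not from the FireEye report or SolarWinds' own tooling), the toy release check below shows why a signature and an attestation produced on the build host are not enough: a build environment that has been tampered with can sign whatever it emits, and only an independent rebuild from the reviewed source exposes the difference. The source tree, signing key, builder names and implant marker are all constructed placeholders; HMAC stands in for a real signature scheme.

```python
import hashlib, hmac, json

# Constructed sample: the reviewed source tree and a placeholder signing key.
SOURCE = {"orion/core.c": b"int monitor(void) { return poll(); }\n"}
SIGNING_KEY = b"release-signing-key (constructed placeholder)"

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def source_digest(tree: dict) -> str:
    """Digest of the reviewed source: file names and contents, in sorted order."""
    h = hashlib.sha256()
    for path in sorted(tree):
        h.update(path.encode() + b"\0" + tree[path] + b"\0")
    return h.hexdigest()

def build(tree: dict, implant: bytes = b"") -> bytes:
    """Deterministic toy 'compiler'. A compromised build host appends content
    that never existed in the reviewed source (the SUNBURST pattern)."""
    return b"".join(tree[p] for p in sorted(tree)) + implant

def sign(payload: bytes) -> str:
    # HMAC stands in for a real signature (an HSM-held key or Sigstore in practice).
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()

def attest(tree: dict, artifact: bytes, builder: str) -> dict:
    """Signed provenance: which source produced which artifact on which builder."""
    stmt = {"source": source_digest(tree), "artifact": digest(artifact), "builder": builder}
    return {"statement": stmt, "sig": sign(json.dumps(stmt, sort_keys=True).encode())}

def verify_release(tree: dict, artifact: bytes, att: dict) -> dict:
    """Checks a consumer runs before trusting a release; returns each check's result."""
    stmt = att["statement"]
    sig_ok = hmac.compare_digest(att["sig"], sign(json.dumps(stmt, sort_keys=True).encode()))
    independent = build(tree)  # rebuild from the reviewed source on a clean host
    return {
        "signature_valid": sig_ok,
        "source_matches_review": stmt["source"] == source_digest(tree),
        "artifact_matches_attestation": digest(artifact) == stmt["artifact"],
        "reproducible": digest(independent) == digest(artifact),
    }

if __name__ == "__main__":
    clean = build(SOURCE)
    print(verify_release(SOURCE, clean, attest(SOURCE, clean, "ci-runner-1")))
    # Compromised host: artifact is signed and attested, yet does not reproduce.
    tampered = build(SOURCE, implant=b"/* constructed implant marker */\n")
    print(verify_release(SOURCE, tampered, attest(SOURCE, tampered, "ci-runner-1")))
```

In the tampered case the first three checks pass, because the attacker controls the host that signs and attests; only the reproducibility check fails, which is the property the lesson above calls for.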

Est. value burned: ~$100M direct remediation; downstream losses far higher

Sources

[1] FireEye, "SolarWinds Supply Chain Attack Compromises 18,000 Organizations Including US Treasury"