The report late last year from FireEye of a state-sponsored attack targeting SolarWinds’ Orion software sent a shockwave through the industry and the reverberations from the discovery are continuing to ripple. As many as 18,000 SolarWinds customers — including at least nine U.S. government agencies — were infected via the SunBurst breach of the network monitoring and management solution. Moreover, according to a recent study from IronNet, the average financial impact of that attack was 11% of annual revenue or about $12 million per company.
U.S. intelligence has put the blame for the attack on Russian-sponsored hackers, who compromised multiple Orion software updates that were released between March and June 2020, giving bad actors a backdoor into exploited systems. Our research found that the Orion software build and code-signing infrastructure was compromised, with the source code of the affected library directly modified to include malicious backdoor code that was compiled, signed, and delivered via the existing patch release management system.