#Orion solarwinds logo upgrade
The researchers stumbled across evidence that attackers entered a backdoor in the SolarWinds software “trojanizing SolarWinds Orion business software updates to distribute malware.” FireEye dubbed it “SUNBURST.”ĭecember 13 SolarWinds begins notifying customers, including a post on its Twitter account, "SolarWinds asks all customers to upgrade immediately to Orion Platform version 2020.2.1 HF 1 to address a security vulnerability."ĭecember 14 SolarWinds files an SEC Form 8-K report, stating in part that the company "has been made aware of a cyberattack that inserted a vulnerability within its Orion monitoring products". The security team reported their Red Team toolkit, containing applications used by ethical hackers in penetration tests, was stolen.ĭecemInitial d etection - FireEye discovered a supply chain attack while it was investigating the nation-state attack on its own Red Team toolkit. SolarWinds hack timeline (last updated March 28, 2021)ĭecemHow the discovery began - FireEye, a prominent cybersecurity firm, announced they were a victim to a nation-state attack. The attack "impacted critical infrastructure providers, potentially impacting energy and manufacturing capacities,” she said, and created an ongoing intrusion that “should be treated as a serious event with potential for great harm.”įollowing is a timeline of how events related to the SolarWinds hack have unfolded, to date. The SolarWinds attack is unprecedented because of "its capability to cause significant physical consequences," says University of Richmond management professor Shital Thekdi, an expert on risk management and industrial and operations engineering. While it is “hard to say” if the SolarWinds software supply-chain compromise will become known as the highest-impact cyber intrusion ever, it did catch “many people off guard” despite the security industry’s frequent warnings that supply chains pose substantial risks, according to Eric Parizo, principal analyst of security operations at Omdia, a global research firm. Editor's note: This article, originally published on April 5, 2021, has been updated to reflect recent developments.ĭetails of the 2020 SolarWinds attack continue to unfold, and it may be years before the final damages can be tallied.