SolarWinds

The SolarWinds cyberattack, discovered in December 2020, significantly impacted numerous organizations globally, including U.S. federal agencies and Fortune 500 companies. This sophisticated supply chain attack was orchestrated by inserting malicious code into the SolarWinds Orion software updates. This breach allowed the threat actors, believed to be state-sponsored, to conduct espionage and exfiltrate data over several months unnoticed. The severity of this attack lies not only in its scale and the sensitivity of the data compromised but also in the profound breach of trust in a widely used network management tool. The attackers had access to sensitive communications, intellectual property, and potentially could have manipulated critical systems, highlighting the significant vulnerabilities in the software supply chain. This incident serves as a stark reminder of the need for stringent cybersecurity measures and rigorous vetting processes for software used within government and corporate environments.

Source: https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-110a

"id": "sol802050124",
"linkid": "solarwinds",
"type": "Ransomware",
"date": "12/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"