On Sunday, we learned that federal agencies and other organizations had been penetrated by nation-state attackers, identified as Russian by multiple sources.
Though the definitive attribution for the attacks won’t come for a while, we do know how the attack occurred.
SolarWinds Orion, a widely used network monitoring tool, had been compromised. In what’s known as a “supply chain attack,” the attackers injected malware into the update code last March, and customers had been installing a Trojan each time they ran an update.
“Supply chain attacks are low-cost, high-impact threats,” said Kelvin Coleman, executive director at the National Cyber Security Alliance.