Anatomy of the SolarWinds Breach
There are many entities throughout the world that use third-party software as part of their business. When they do this, the service they receive form part of the supply chain of the company. SolarWinds is a key vendor with 33,000+ of the world’s companies and government entities use their software. The 22-year-old US-Based company, supply system management tools that are used by the IT professions within these organizations. The tools are responsible for a number of important services including software management, application monitoring, network configuration, etc. The Orion suite in particular, is SolarWinds most widely deployed network management system. It is used to manage and monitor the network infrastructure of the host company. To do its job effectively, the Orion suit needs absolute visibility of the company’s diverse set of network technologies. For this reason, it is common practice for network administrators to configure SolarWinds Orion with extensive privileges consequently, making it the perfect target for threat actors. On December 13th, 2020, it was discovered that the Orion software suit was infected with the malicious software called Sunburst.