SolarWinds Megabreach

(L-R) Senate Intelligence Committee hearing on Capitol Hill on February 23, 2021 focused on the 2020 cyberattack that resulted in a series of major data breaches within several U.S. corporations and agencies and departments in the U.S. federal government. Photo: Demetrius Freeman-Pool (Getty Images)

A big protean mess that seems to have no real beginning or end, the “SolarWinds” hack will likely continue to influence the conversation around U.S. cybersecurity for years to come. The hack, which U.S. authorities believe involved Russian (and maybe Chinese) threat actors worming their way into the networks of major federal agencies and American companies via compromised software, helped said hackers gather untold amounts of intelligence on the U.S. government and private sector. While the incident was first publicized in December, subsequent disclosures about the extent of the hack have continued over the past six months, leading to multiple congressional hearings, audits, and investigations.

Despite being commonly referred to as “SolarWinds,” the hack actually involved a compromise of at least three different software firms, including SolarWinds, Microsoft, and VMware, according to the Cybersecurity and Infrastructure Security Agency (CISA). A total of 12 federal agencies are confirmed to have been penetrated by the hackers—including the Department of Defense, the Department of Homeland Security, the Federal Aviation Administration, the judiciary, and NASA, among others. The hackers also allegedly wormed their way into the networks of major Fortune 500 companies.