Targeting of SolarWinds customers
Date of report
  • December 2020
The Russian APT group Cozy Bear inserted malware into a service that pushes software updates for SolarWinds’ Orion platform, which is used across countless U.S. government agencies and Fortune 500 firms. FireEye was the first to reveal that it had fallen victim to the intrusion and later presented evidence that the Orion platform was compromised as far back as March 2020.
Suspected victims
  • More than eighteen thousand SolarWinds customers
Suspected state sponsor
  • Russian Federation
Type of incident
  • Espionage
Target category
  • Government
  • Private sector
  • Military
Victim government reaction
  • Yes
Policy response