The Russian APT group Cozy Bear inserted malware into a service that pushes software updates for SolarWinds’ Orion platform, which is used across countless U.S. government agencies and Fortune 500 firms. FireEye was the first to reveal that it had fallen victim to the intrusion and later presented evidence that the Orion platform was compromised as far back as March 2020.
- More than eighteen thousand SolarWinds customers
Suspected state sponsor
- Russian Federation
Type of incident
- Private sector