>>19990884 (PB)
>D. The SolarWinds “SUNBURST” Attack
>One of the reasons that the CISA Election Statement was inaccurate is that, between
>January 2019 and at least December 2020, parties reportedly linked to Russia’s Foreign
>Intelligence Service, the SVR, perpetrated what the SEC recently described as “one of the worst
>cybersecurity incidents in history.” Ex. C ¶ 11. In connection with what is now known as the
>“SUNBURST attack,”
>[T]he threat actors inserted malicious code into three software builds for SolarWinds’ Orion
>products. SolarWinds then delivered these compromised products to more than 18,000
>customers across the globe. The malicious code provided the threat actors with the ability
>to access the systems of these compromised customers, provided certain other conditions
>were met, and became known as the SUNBURST attack.
>Id. ¶ 13. During the attack:
>[T]hreat actors conducted reconnaissance, exfiltration, and data collection; identified
>product and network vulnerabilities; harvested credentials of SolarWinds employees and
Looked and found the following possibly relevant items in my notes:
https://thenationalpulse.com/archive-post/solarwinds-hack-exploited-by-china/
https://securelist.com/red-october-detailed-malware-description-1-first-stage-of-attack/36830/
https://www.cisa.gov/news-events/news/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network