The SolarWinds Supply Chain Attack: What Businesses Need to Know

What is the SolarWinds Supply Chain Attack?

SolarWinds, the Austin-based cybersecurity firm, found itself in the middle of a catastrophe due to internal security lapses. The firm recently earned headlines for making it to the list of unsuspecting service providers targeted for its elite supply chain. A week ago, the popular Cybersecurity firm confirmed falling victim to a supply chain attack, which was quite a coup for the threat actors. 

In its statement, SolarWinds confirmed two major vulnerabilities — SUNBURST and SUPERNOVA — which we shall discuss in a while. Before we dig deeper into how the threat actors pulled it off, you need to know what the Orion platform is. Simply referred to as ‘Orion’, it is the flagship IT Monitoring and Management platform of SolarWinds. 

It facilitates the implementation and scaling of the various security applications offered by SolarWinds. You can look at it as the base application used by clients to manage resources. Now that’s precisely why threat actors used it as a gateway to gain entry into the private networks of the Cybersecurity firm’s customers.

Who is responsible for the SolarWinds Supply Chain Attack?

According to Reuters, a researcher by the name Vinoth Kumar is said to have warned SolarWinds about its weak password for the update server almost a year ago. The password ‘solarwinds123’ was easy and could have been cracked with a basic Bruteforce application. While that highlights the potential flaws in the internal security system of SolarWinds, researchers state that it wasn’t the source of the current crisis. So what really happened?

Let’s find out!

How Did the SolarWinds Breach Happen?

Like any other IT service provider, SolarWinds released timely updates for its base application, Orion. However, the updates 2019.4 through 2020.2.1 which were released between March and June 2020 included malicious code that the cybercriminals inserted. Basically, “legit” updates were duly signed and released by SolarWinds had two major vulnerabilities, which Security Experts refer to as SUNBURST and SUPERNOVA. 

The SUNBURST vulnerability, which SolarWinds confirms to be present in the 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 versions create a backdoor that transmits data via the HTTP protocol and then intercepts it. The other vulnerability SUPERNOVA isn’t embedded within the Orion updates but is a distinct malware that tries to mimic SolarWinds’ proprietary products. Through this, the cybercriminals impersonated SolarWinds to gain unauthorized access.

Until a week ago, SolarWinds remained oblivious to the breach, while its unsuspecting clientele continued to download the trojanized updates and the malware. It is safe to assume these two vulnerabilities may have adversely affected thousands of Orion users. 

This is the same pattern followed in the Asus supply chain attack, wherein the OS update was corrupted. However, this security breach could be a lot more damaging because of the Austin-based cybersecurity firm’s high-profile supply chain.

Let’s try to ascertain the extent of damage this supply chain attack may have caused.

How Bad Is It?

Supply chain attacks usually affect a long list of entities, and it comes as no surprise that over 18,000 SolarWinds customers might have suffered because of this attack. The shocking part is the callousness of leaders in not planning and implementing basic strategic defensive measures. This is highlighted by the fact that several critical US government departments all engaged the same vendor — SolarWinds. 

The affected Government departments and agencies include the US Treasury, Pentagon, Homeland Security, and sources have also stated that nuclear programs which come under the US Department of Energy may have been a target. 

While many U.S. intelligence officials were quick to blame Russia for the attack, there could be others involved as well. To date, neither the US government nor any affected companies have publicly said which nation-state they think is responsible. There’s still a lot we do not know. Recently, SolarWinds removed quite a few clients from the list of customers posted on its official website, which is probably to protect their best interests. Several other measures have also been implemented, but the extent of damage is still unknown. 

Is My Organization at Risk?

In a bid to curb the mess created by hackers, SolarWinds has removed the potentially dangerous software builds from its download sites.

Organizations that have downloaded the SolarWinds malicious updates or malware remain vulnerable and must act fast. Your action depends on the update you may have downloaded. 

What Should I Do?

If you have been a victim of the SolarWinds Supply chain attack, start by figuring out which update version you have currently installed. You can do that by going to the control panel and navigating to the ‘installed updates’ section. You then need to uninstall the malicious ones and download the latest versions of Orion, which would be the 2020.2.1 HF 2 or 2019.4 HF 6. 

An even more effective measure would be to uninstall all the SolarWinds applications and reinstall them with the secure new versions. As the new version includes the security patches required to counter both the SUNBURST and SUPERNOVA vulnerabilities, it ensures better security.

The Big Takeaway from the SolarWinds Breach

Don’t look at the Solarwinds hack in isolation. Look at every one of your vendors that can push updates into your environment.

David Wolpoff, CTO of cybersecurity firm Randori

According to David Wolpoff of Randori “For security leaders, this is a good opportunity to reflect on their reliance and trust in technology solutions. These breaches are reminders of unseen risk debt: Organizations have a huge amount of potential harm built up through their providers that typically isn’t adequately hedged against… Don’t look at the Solarwinds hack in isolation. Look at every one of your vendors that can push updates into your environment.”

Nothing online is 100 percent secure, so the element of risk cannot be entirely removed. Since Organizations and Government agencies cannot survive without third-party vendors — which exposes them to the risk of supply chain attacks — the only prudent measure would be to diversify vendors to perform critical functions such as cybersecurity. Although it does not entirely eliminate the risk of a supply chain attack, it definitely distributes the risk across multiple vendors. This minimizes the amount of damage any single supply chain attack can cause. When disaster does strike, it pays to have a partner who can help you make sense of the chaos and chart a clear path forward. That’s why, for over 30 years, Chesley Brown has dedicated ourselves to helping organizations anticipate and navigate risk before it becomes a crisis. If you have serious questions about your security, our experts are always here to help.

Sign up!

For industry-leading guides and analysis sign up for our blog below.

  • This field is for validation purposes and should be left unchanged.

Latest News

Empty conference room representing the gap in a workplace violence prevention program
The Missing Link in Every Workplace Violence Prevention Program
A written workplace violence prevention program satisfies regulators. It does almost nothing to stop an attack. The gap between the two is behavioral threat assessment: the discipline of noticing, reporting, and acting ...
Read More
A female face with binary code and facial recognition patterns on her face to represent facial recognition and autonomous security robots for business security 2026
Facial Recognition and Autonomous Security Robots for Business: The Real Conversation Security Leaders Should Be Having in 2026
You sat through your last security briefing feeling conflicted. The technology sounds impressive. Everyone says adoption is coming. But something felt off. Here's the honest truth: technology adoption without strategy is just ...
Read More
Group of protesters holding signs demanding climate action - commercial security strategy can help reduce or eliminate the impact of protests and civil disruption
When Protests Go Local: What Civil Unrest in 2026 Will Demand of Commercial Security Strategy
In December, Verisk Maplecroft published its annual Civil Unrest Index with a clear projection: 2026 will be more disruptive for property and political-violence insurers than 2025 was. The judgment was based on ...
Read More
corporate travel risk
The New Geography of Corporate Travel Risk: What Summer 2026 Demands of Executive Travel Programs
Summer travel season begins this year in a measurably more hostile global environment than it did even twelve months ago. In February, Willis Towers Watson reported that threats to individuals or client ...
Read More
Mature manager meeting with warehouse worker to discuss supply chain security procedures
The New Anatomy of Supply Chain Risk: 2025’s Lessons for Corporate Security Leaders
In 2025, organized criminals stole an estimated $725 million in cargo across the United States and Canada — a 60% increase over the prior year. The number of theft incidents barely moved. ...
Read More
An engineer and the safety team walking a construction site discussing risk awareness and executive protection
When the Hardest Target Isn’t Hard Enough: Executive Protection Lessons from the Correspondents’ Dinner Attack
On the evening of April 25, a 31-year-old California man with a master's degree in computer science, no criminal record, and no detectable history of political extremism walked through a Washington, D.C. ...
Read More
women's history month employee spotlight feature four leaders from Chesley Brown
Women in Security: Empowering the Future of Risk Leadership
Security leadership doesn’t look like it did ten years ago. Today’s environments move faster, threats cross boundaries, and reputational damage can spread before an incident report is even written. The job is ...
Read More
Security lessons for Businesses in 2025 and 2026
Top 10 Security Lessons Businesses Learned in 2025
Written by: James Hart Companies face an ever-evolving series of security threats, making contingency planning and preparedness essential. One of the best ways to improve security is by learning from past incidents. ...
Read More
Silhouettes of Two business Professionals taking about a physical security strategy
Maximizing Value and Resilience in Physical Security: A C-Suite Guide for Multi-Asset Organizations Facing Emerging Threats and Higher Costs
Written by: Max Briggs Physical security used to be a straightforward operational line item—gates, guards, cameras, and access control. Today, it’s a board-level function tied directly to risk, resilience, tenant satisfaction, and ...
Read More
Stacy Stockton - Corporate Director of Business Development
Employee Spotlight: Stacy Stockton
At Chesley Brown, we believe people are our greatest asset and that starts with bringing on team members who are passionate about protecting what matters most. We’re proud to welcome Stacy Stockton ...
Read More
Outsourced. Exposed. Out of Time.