Understanding the SolarWinds Supply Chain Attack

Whitepaper: Understanding the SolarWinds Supply Chain Attack

“This is the largest and most sophisticated sort of operation that we have seen.”
– Brad Smith, President, Microsoft

In December 2020, the public learned that an advanced persistent threat (APT) had compromised the SolarWinds Orion software supply chain and delivered a software update containing malicious code to over 18,000 customers. The scope of this attack is unprecedented, and the untangling exactly what happened will take years.  

Drawing on testimony from the February 23, 2021 Senate Select Committee on Intelligence hearing, SpyCloud has broken the attack down into three stages, with a focus on the critical roles played by identity and password security. 

No single security solution could have prevented such a sophisticated, surgical attack; however, the incident underscores the risks posed by weak and stolen credentials. Read the whitepaper to learn more about what happened, and how SpyCloud could have helped at each stage of the attack. 

Get the Whitepaper

Understanding the SolarWinds Supply Chain Attack
Download the PDF version of the whitepaper to print or share with others.

The SpyCloud Difference

Truly Actionable Recaptured Data

SpyCloud solutions are backed by the world’s most current and comprehensive repository of recaptured data from breaches, malware infections, and other underground sources – with billions of exposed credentials and PII. It’s the same data that fraudsters use, but we make it actionable to prevent account takeover, ransomware attacks, and online fraud.


Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.