Understanding the SolarWinds Supply Chain Attack

Whitepaper: Understanding the SolarWinds Supply Chain Attack

“This is the largest and most sophisticated sort of operation that we have seen.”

– Brad Smith, President, Microsoft

In December 2020, the public learned that an advanced persistent threat (APT) had compromised the SolarWinds Orion software supply chain and delivered a software update containing malicious code to over 18,000 customers. The scope of this attack is unprecedented, and the untangling exactly what happened will take years.  

Drawing on testimony from the February 23, 2021 Senate Select Committee on Intelligence hearing, SpyCloud has broken the attack down into three stages, with a focus on the critical roles played by identity and password security. 

No single security solution could have prevented such a sophisticated, surgical attack; however, the incident underscores the risks posed by weak and stolen credentials. Read the whitepaper to learn more about what happened, and how SpyCloud could have helped at each stage of the attack. 


Download the Whitepaper

Understanding the SolarWinds Supply Chain Attack

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

SpyCloud human intelligence researchers have recovered billions of data breach assets, including stolen passwords and emails that can put enterprises at risk of account takeover

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.