The SolarWinds cyberattack, initiated in September 2019 by a group suspected to be linked to Russian intelligence, targeted the software company's Orion platform, compromising about 18,000 customers' networks through malicious code hidden in software updates. The incident, which affected both private enterprises and U.S. federal agencies, raised significant concerns about cybersecurity practices and resulted in an estimated recovery cost exceeding $90 million, along with legal repercussions for SolarWinds. Despite the company's attempts to address the breach, the attack has led to severe reputational damage and ongoing investigations into their security negligence.

1. The Case Study of SolarWinds Cyberattack
Introduction:
A data breach is any security incident in which unauthorized parties access
sensitive or confidential information, including personal data (Social Security numbers,
bank account numbers, healthcare data) and corporate data (customer records,
intellectual property, financial information) (Kosinski, 2024).
An example of it is software supply chain attacks. A supply chain attack is a type
of cyberattack that targets organizations by focusing on weaker links in an
organization's supply chain. The supply chain is the network of all the individuals,
organizations, resources, activities and technology involved in the creation and sale of a
product. The supply chain encompasses everything from the delivery of materials from
the supplier to the manufacturer through to its delivery to the end user. By targeting a
weak point in a supply chain, a cyberattack may be more likely to succeed -- with
attackers taking advantage of the trust that organizations may have in third-party
vendors. Supply chain attacks are a type of island-hopping attack (Gillis, 2022).
SolarWinds, an Oklahoma-based software company, provides network
management tools to numerous organizations globally. Their product Orion, an IT
performance monitoring system, was at the center of a major cybersecurity incident
known as the SolarWinds hack. This supply chain attack, attributed to a group called
Nobelium (suspected to be the Russian Foreign Intelligence Service), compromised
thousands of SolarWinds customers' networks and data. The unprecedented scale of

2. this breach makes it one of the largest recorded cyberattacks. The attack began in
September 2019 with a "dry run," followed by the injection of malicious code into
SolarWinds' Orion software updates in February 2020. Unaware of the compromise,
SolarWinds distributed these updates to customers. The “trojanized” code created a
"backdoor," allowing remote access to infected systems. SolarWinds estimates that
about 18,000 customers received the compromised update. The attackers then focused
on a smaller group of high-value targets, particularly within the federal government, for
espionage purposes. This incident significantly impacted the U.S. government, as many
federal agencies use SolarWinds for network monitoring, potentially exposing sensitive
information systems to the threat actors (Oladimeji, 2023).
Methodology:
Case study methodology is a research approach that utilizes multiple sources of
evidence to draw meaningful conclusions (Yin, 2009). It's particularly useful for tackling
complex issues, often within the context of real-world decision-making scenarios. To
provide readers with actionable insights, case writers must conduct thorough, multi-
dimensional analyses of all relevant data. These methodologies, when combined,
create a comprehensive study. An effective case study not only tells a compelling story
to engage readers emotionally but also presents a thorough data analysis to offer
intellectual validation (Flyvbjerg, 2006). The choice of data sources and methods is
determined by the study’s objectives. For instance, if the goal is to enhance a brand's
social media presence, the focus would be on gathering information about digital
marketing channels and competitors' strategies. Conversely, if the aim is to develop a
succession plan for a small business, the emphasis would shift towards management

3. structures and long-term operational strategies. This chapter will discuss the
understanding and mitigating the risks of a supply chain attack about SolarWinds Hack
(Florenthal, B., & Ismailovski, A., 1970).
Results and Discussion:
The SolarWinds Orion software, widely used by large companies and
government agencies, was exploited in a major supply chain attack. Hackers inserted
malicious code into software updates, potentially compromising numerous systems
worldwide. The attack's full scope and purpose remain unclear, but it could enable
access to sensitive information and networks.
The incident primarily targeted government agencies, though many private
enterprises may have been affected collaterally. While Russia denied involvement,
then-President Trump suggested China might be responsible, despite lacking evidence.
Experts generally attributed the attack to Russian actors.
Upon taking office, President Biden promised to hold Russia accountable and
ordered a comprehensive review of the attack. He also created a new cybersecurity
position within the National Security Council to improve the government's response to
such threats (Oladimeji, 2023).
The timeline of SolarWinds attack was established (TechTarget, 2023):
 September 2019. Threat actors gain unauthorized access to SolarWinds
network

4.  October 2019. Threat actors test initial code injection into Orion
 Feb. 20, 2020. Malicious code known as Sunburst injected into Orion
 March 26, 2020. SolarWinds unknowingly starts sending out Orion software
updates with hacked code
Federal Government timeline (GOA Gov, 2021):
 Dec. 13, 2020. Department of Homeland Security’s Cybersecurity and
Infrastructure Security Agency (CISA) releases Mitigate SolarWinds Orion Code
Compromise, Emergency Directive 21-01, which outlines the required mitigations
for federal agencies.
 Dec. 16, 2020. National Security Council staff activate the Cyber Unified
Coordination Group (UCG), comprised of CISA, FBI, and the Office of the
Director of National Intelligence, with support from National Security Agency
(NSA) According lo CISA, all federal agencies with systems that had been
compromised affirmed that the SolarWinds Orion software was disconnected or
powered down.
 Dec. 17, 2020. CISA releases Advanced Persistent Threat Compromise of
Government Agencies, Critical Infrastructure, and Private Sector Organizations,
Alert (AA20-352A) NSA issues Detecting Abuse of Authentication Mechanisms, a
Cybersecurity Advisory that provides guidance on techniques agencies could use
to detect threats and defend against unauthorized access.
 Dec. 18, 2020. Cyber UCG briefs members of Congress about the breach
 Dec. 24, 2020. CISA releases Sparrow, a software tool that is used to detect
malicious activity for the Microsoft Azure/Office 365 cloud environments

5.  Jan. 5, 2021. A joint release from the Cyber UCG states that the breach was
likely Russian in origin
 Jan. 13, 2021. The White House appoints a Deputy National Security Advisor for
Cyber and Emerging Technology to lead the federal response to the breach
 Feb. 08, 2021. CISA releases two malware analysis reports, SUNBURST
(AR21-039A) and TEARDROP (AR21-0398)
 Feb. 17, 2021. Deputy National Security Advisor for Cyber and Emerging
Technology confirms the breach was likely of Russian origin, and that nine
federal agencies had systems compromised
 Apr. 15, 2021. NSA, CISA, and FBI jointly confirm the Russian Foreign
Intelligence Service as the threat actor in a Cybersecurity Advisory. The White
House releases Executive Order 14024 issuing sanctions targeting the harmful
foreign activities of the Russian Government
 Apr. 19, 2021. National Security Council staff deactivate the Cyber UCG and
stale that lessons learned from this incident will be used to improve future federal
government responses to significant cyber incidents
According to a U.S. Department of Homeland Security advisory, the affected
versions of SolarWinds Orion are versions are 2019.4 through 2020.2.1 HF1.
More than 18,000 SolarWinds customers installed the malicious updates, with
the malware spreading undetected. Through this code, hackers accessed SolarWinds's
customer information technology systems, which they could then use to install even
more malware to spy on other companies and organizations (TechTarget, 2023).
IMPACTS (Zywave, Inc., 2021):

6. Recovery expenses:
The SolarWinds attack is estimated to cost over $90 million in combined recovery
efforts for the company and affected customers. These expenses cover investigation,
notification, malware removal, data recovery, and improved cybersecurity measures. As
federal agencies were impacted, some costs may ultimately be borne by U.S.
taxpayers.
Reputation damage:
SolarWinds faced severe criticism for its security failures, particularly its inability
to detect the initial breach and the malware in its Orion software. The revelation of weak
password practices (e.g., "solarwinds123") further damaged the company's reputation.
Consequently, SolarWinds' stock price dropped 40% in the week following the incident's
disclosure.
Legal consequences:
In January 2021, shareholders initiated a class-action lawsuit against SolarWinds
for cybersecurity negligence. The SEC also began investigating whether affected
customers accurately reported the incident's impact in their financial statements. As
more information emerges, both SolarWinds and its customers may face additional
lawsuits and regulatory penalties.

7. References:
 Oladimeji, S. (2023, November 3). SolarWinds hack explained: Everything you
need to know. TechTarget. Retrieved June 28, 2024, from
https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-
Everything-you-need-to-know
 Kosinski, M. (2024, May 24). What is a data breach?. IBM.
https://www.ibm.com/topics/data-breach
 Gillis, A. S. (2022, October N/A). What is a Supply Chain Attack? TechTarget.
Retrieved June 28, 2024, from
https://www.techtarget.com/searchsecurity/definition/supply-chain-attack
 Zywave, Inc. (2021, October 17). Cyber Case Study: SolarWinds Supply Chain
Cyberattack. Ollis/Akers/Arney. Retrieved June 28, 2024, from
https://ollisakersarney.com/blog/cyber-case-study-solarwinds-supply-chain-
cyberattack/
 GAO Gov. (2021, April 22). SolarWinds Cyberattack Demands Significant
Federal and Private-Sector Response (infographic). Government Accountability
Office. Retrieved June 28, 2024, from https://shorturl.at/4FJxd
 Marelli, M. (n.d.). The solarwinds hack: Lessons for international humanitarian ...
International Review of the Red Cross.
https://international-review.icrc.org/sites/default/files/reviews-pdf/2022-06/the-
solarwinds-hack-lessons-for-international-humanitarian-organizations-919.pdf
https://rmcglobal.com/wp-content/uploads/2022/08/2020-SolarWinds-Hack-A-
Case-Study-of-the-Russian-Cyber-Threat-July-2021.pdf

8.  Kruti, A., Butt, U., & Sulaiman, R. B. (2023, August). (PDF) a review of
Solarwinds attack on Orion platform using persistent threat agents ANF
techniques for gaining unauthorized access. ResearchGate.
https://www.researchgate.net/publication/373262598_A_review_of_SolarWinds_
attack_on_Orion_platform_using_persistent_threat_agents_anf_techniques_for_
gaining_unauthorized_access
 Florenthal, B., & Ismailovski, A. (1970, January 1). Case study methodology: An
analysis of effective methods in business cases. IGI Global. https://www.igi-
global.com/chapter/case-study-methodology/230239