Case Study - SolarWinds Hack

PPT about solarwinds hack

Uploaded by

2100395

SolarWinds Hack: A Case Study
A data breach is any security incident in which unauthorized parties
access sensitive or confidential information.
Supply Chain Attack
A supply chain attack targets organizations by focusing on weaker links
in an organization's supply chain.

Network of Individuals
Individuals, organizations, resources, activities, and technology
involved in the creation and sale of a product.

Trust in Third-Party Vendors


Attackers take advantage of the trust that organizations may have
in third-party vendors.
SolarWinds Hack
SolarWinds, an Oklahoma-based software company, provides network management tools to numerous organizations globally.

1 September 2019
Threat actors gain unauthorized access to SolarWinds network

2 October 2019
Threat actors test initial code injection into Orion

3 February 20, 2020
Malicious code known as Sunburst injected into Orion

4 March 26, 2020
SolarWinds unknowingly starts sending out Orion software updates with hacked code
Impact on Government Agencies
The attack's full scope and purpose remain unclear, but it could enable
access to sensitive information and networks.

1 Espionage
Attackers focused on a smaller group of high-value targets,
particularly within the federal government, for espionage purposes.

2 Sensitive Information Systems


Many federal agencies use SolarWinds for network monitoring,
potentially exposing sensitive information systems to the threat
actors.
Case Study Methodology
Case study methodology is a research approach that utilizes multiple sources of evidence to draw meaningful conclusions.

Data Sources
The choice of data sources and methods is determined by the study's objectives.

Data Analysis
An effective case study not only tells a compelling story to engage readers emotionally but also presents a thorough data analysis to offer intellectual validation.
Federal Government Timeline
The timeline of the SolarWinds attack was established.

December 13, 2020


Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA)
releases Mitigate SolarWinds Orion Code Compromise, Emergency Directive 21-01, which
outlines the required mitigations for federal agencies.

December 16, 2020


National Security Council staff activate the Cyber Unified Coordination Group (UCG),
comprised of CISA, FBI, and the Office of the Director of National Intelligence, with support
from the National Security Agency (NSA).

December 17, 2020


CISA releases Advanced Persistent Threat Compromise of Government Agencies, Critical
Infrastructure, and Private Sector Organizations, Alert (AA20-352A).
Impacts
The SolarWinds attack is estimated to cost over $90 million in combined
recovery efforts for the company and affected customers.

Recovery Expenses
Investigation, notification, malware removal, data recovery, and improved cybersecurity measures.

Reputation Damage
SolarWinds faced severe criticism for its security failures.

Legal Consequences
Shareholders initiated a class-action lawsuit against SolarWinds for cybersecurity negligence.
Conclusion
The SolarWinds cyberattack represents a pivotal moment in cybersecurity, underscoring
the vulnerability of global supply chains to sophisticated threats.

Robust Cybersecurity Measures


Proactive monitoring, rapid incident response capabilities, and enhanced collaboration
between government agencies and private enterprises.

Fortify Global Cybersecurity Defenses


Lessons from the SolarWinds attack must inform comprehensive strategies to fortify
global cybersecurity defenses against evolving threats.
