Timeline of the SolarWinds Hack and Investigation
To accompany an in-depth feature story I wrote for WIRED about the SolarWinds hack, considered the most sophisticated and boldest supply-chain hack ever pulled off, here's a timeline of events.
Last week, after more than a year of reporting and writing, I published an in-depth feature story for WIRED about the SolarWinds hacking campaign. Considered the boldest and most sophisticated supply-chain hack ever pulled off (that we know of), the cyber espionage operation remained undetected for nearly two years as the Russian hackers (believed to be Russia’s civilian intelligence agency known as the SVR) first compromised the Austin-based SolarWinds company, then injected a backdoor into the company’s Orion software platform. This allowed them to compromise some 18,000 SolarWinds customers who downloaded the program.
This included nine US government agencies (Department of Defense, Treasury Department, Department of Homeland Security among them) as well as think tanks and some of the top tech firms and security vendors in the world—Microsoft, Mandiant, Intel, Cisco, and Palo Alto Networks, to name a few. The hackers siphoned email, viewed source code of software vendors and explored their build environments (perhaps with the intent to compromise additional software).
You can read the WIRED story here as well as a separate news story about how the Justice Department discovered the SolarWinds hackers six months before Mandiant publicly exposed the operation. Although the Justice Department detected the hackers in their own network in the summer of 2020—and even brought in Mandiant and Microsoft to help investigate—none of them understood the significance of what they had found. As a result, the Sunburst backdoor remained undiscovered until Mandiant found it the following December.
There are a lot of details and events to follow in the broader story of the SolarWinds hacking campaign, so I’ve put together a timeline for readers to easily track how the espionage operation and subsequent investigation unfolded. The timeline below includes some extra details that got removed from the WIRED piece during editing. I’m making this piece available only to paid subscribers as a way to thank them for their generosity in supporting the work.