SolarWinds Hack Resource Center

December 8th, 2020

December 13, 2020

FireEye released a blog post that provided further details indicating the company was breached through a highly evasive supply chain attack on SolarWinds.

CISA (The Cybersecurity and Infrastructure Security Agency) asks all agencies operating SolarWinds products to report by 12pm EST on Monday December 14, 2020 and issues an emergency directive -- Emergency Directive 21-01.

SolarWinds released a security advisory ( this page has been changing without dates margs ) said it plans to release an Orion update on Tuesday that will contain code to remove any traces of the malware from customer systems.

December 14, 2020

December 16, 2020

BitSight releases a blog post about SolarWinds Orion prevalence and confirms that it is most frequently seen within the Government and Technology sector and mainly deployed in the USA.

Joint statement by the Federal Bureau of investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI).

December 18, 2020

BitSight shows in a blog post the initial reaction and removal of SolarWinds Orion instances seen on the Internet in the first week. While 70% of servers with trojanized versions were remediated or removed from Internet access, only 8% of instances were removed from public access.

SolarWinds stocks $SWI fell 40% in the first week.

December 21, 2020

Microsoft Security Response team creates a Resource Center for “Solorigate” - codename from Microsoft - with continuous updates about the ongoing investigations.

December 23, 2020

BitSight adds to the Security Ratings Platform product information about live connected SolarWinds Orion servers observed on the Internet including trojanized versions.

BitSight creates a "SolarWinds Attack Resource Center" for customers.

December 26, 2020

A new CVE is assigned to a different SolarWinds Orion API vulnerability. This vulnerability allows unauthenticated remote command execution and it’s being explored by installation of malicious web shells on the attacked Orion servers.

The vulnerability receives the codename “SUPERNOVA” .

December 28, 2020

BitSight adds to Security Ratings Platform product potential and under investigation Security Incidents for organizations whose names are linked to contacts to the attacker’s C2 infrastructure, based on decoding a domain generation algorithm (DGA).

December 31, 2020

Microsoft says that no customer or PII data was compromised, but the compromised internal account had access to several source code repositories for Microsoft’s products.

January 6, 2021

CISA releases an update on alert with new findings about the APT compromise of government agencies, critical infrastructure, & private sector organizations.

January 7, 2021

Sealed U.S. Court Records Exposed in SolarWinds Breach. A report from krebsonsecurity blog explains a statement from U.S. Courts.

January 11, 2021

CrowdStrike releases technical analysis of “SUNSPOT”, malware that was deployed into the build environment to inject this backdoor into the SolarWinds Orion platform.

Kaspersky Labs see algorithms similarity between another malware called Kazuar and “SUNBURST”, and suggest attribution to Turla Group.

January 12, 2021

BitSight-Kovrr analysis of SolarWinds estimates the initial and insured losses from the SolarWinds attack to be $90,000,000.