You know how Steve Gibson tells you to keep your software up to date… well, what happens when the Russian CosyBear infect the software update at the source?!? Guess what, everybody got pwned for Xmas.
I didn’t see it mentioned in the article, but SolarWinds’ customer notification classified this as a supply chain attack, which I found interesting. I usually associate that sort of attack with physical hardware. I suppose in the logical sense it would mean that a third-party software component used in Orion was compromised? Or perhaps the development workstations? Hopefully we get an in-depth analysis of the compromise.