SolarWinds: State-sponsored global software supply chain attack

The incident illustrates how hackers were able to gain access to multiple victim systems through a single breach by targeting suppliers.

This investigation report describes how a state sponsored group carried out a global software supply chain attack through the IT company SolarWinds. This case illustrates how hackers can use a software vendor to compromise several otherwise well-protected victims at once.

In the report, it is described how the attackers executed their suppli chain attack, what they used their access for, and how the attack affected Denmark. In the last part of the report, three preventive measures are presented, which Danish organisation may implement to strengthen their defenses against this type of threat.

The attack against SolarWinds showed that there is a continuing need to raise the overall level of cybersecurity in Denmark.

Target audience for the report is the organisational elements responsible for managing and implementing various aspects of information security.