Organizations around the globe began 2021 grappling with two significant supply-chain attacks. First, the SVR, Russia’s foreign intelligence service, planted malicious code in Orion, SolarWinds’ flagship network management suite. When 18,000 Orion customers updated their software, they also unwittingly installed the SVR’s malicious code, giving the Russian intelligence agency direct access to the customers’ networks.
The second attack came in March, when news broke that a threat actor labeled HAFNIUM was exploiting four previously unknown vulnerabilities in Microsoft Exchange, the ubiquitous email server platform. Information security teams scrambled to install Microsoft’s emergency fix and evaluate the damage. Within days, other threat actors began targeting unpatched systems for their own goals, including ransomware attacks.