“This is what is called a supply-chain attack, meaning the pathway into the target networks relies on access to a supplier. Supply-chain attacks require significant resources and sometimes years to execute. They are almost always the product of a nation-state. Evidence in the SolarWinds attack points to the Russian intelligence agency known as the S.V.R., whose tradecraft is among the most advanced in the world. According to SolarWinds S.E.C. filings, the malware was on the software from March to June. The number of organizations that downloaded the corrupted update could be as many as 18,000, which includes most federal government unclassified networks and more than 425 Fortune 500 companies.” Thomas P. Bossert in the NYT: I Was the Homeland Security Adviser to Trump. We’re Being Hacked. “The magnitude of this national security breach is hard to overstate.”