SolarWinds: SUNBURST backdoor injected through the Orion build pipeline, shipped to up to 18,000 organisations
Russian state-affiliated actors (attributed by the US government to the SVR) compromised SolarWinds' Orion build environment and injected a backdoor (SUNBURST) into a legitimately signed Orion update. Up to 18,000 customers, including US federal agencies, installed the trojanised update; a far smaller subset was then selected for follow-on intrusion activity.
2 of the 4 practices that failed in this incident are part of the Sentinel-10 — the engineering protocols Concordance flags as most degraded under AI-accelerated development.
This incident pre-dates today's AI-velocity surge. The thesis is that the same practices that failed here will fail faster under AI velocity if not actively governed.
Impact
Estimated >$100B in global remediation cost. Affected the US Departments of the Treasury, Commerce, Homeland Security and State, the NIH, and parts of the Pentagon. Triggered Executive Order 14028 (Improving the Nation's Cybersecurity).
Root cause (from published RCA)
The threat actor obtained access to the Orion build server and planted an implant (later named SUNSPOT) that watched for MSBuild compiling Orion. For the duration of each compilation it replaced one source file (InventoryManager.cs) with a backdoored copy, then restored the original, so the source repository and the post-build working tree showed no change. The resulting DLL was signed with SolarWinds' legitimate code-signing certificate and distributed through the standard update channel; the signature attested only that the pipeline had signed whatever the compiler emitted. No control attested to the inputs the compiler actually consumed, and no independent rebuild was compared against the release artefact, so the unauthorised modification went undetected.
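The following is an added illustration, not code from this page or from SolarWinds, of why the controls that were in place passed the build and which controls would have failed it. A toy in-memory compiler stands in for MSBuild and an HMAC with a hypothetical `SIGNING_KEY` stands in for the Authenticode certificate; the source tree and the `implant_build` step are constructed to mirror the substitute-then-restore behaviour described above. The release gate shows that signature verification and a post-build diff of the working tree both pass for the implanted build, while attesting the compiler's actual inputs against the VCS commit and comparing against a reproducible rebuild on a clean builder both fail it.

```python
import hashlib
import hmac

# Constructed toy source tree for illustration only (not SolarWinds/Orion code).
CLEAN_CHECKOUT = {
    "src/InventoryManager.cs": b"class InventoryManager { void Refresh() { /* real logic */ } }\n",
    "src/Program.cs": b"class Program { static void Main() { new InventoryManager().Refresh(); } }\n",
}
# The backdoored replacement the implant swaps in only while the compiler runs.
BACKDOORED_FILE = b"class InventoryManager { void Refresh() { Beacon(); /* real logic */ } }\n"


def tree_digest(tree):
    """Digest over (path, content) pairs in sorted order: the identity of a source set."""
    h = hashlib.sha256()
    for path in sorted(tree):
        h.update(path.encode() + b"\0" + hashlib.sha256(tree[path]).digest())
    return h.hexdigest()


class Compiler:
    """Toy compiler: the 'binary' is derived only from the sources it actually reads.
    It records those inputs; that record is the provenance the release gate checks."""

    def __init__(self):
        self.inputs_seen = {}

    def compile(self, tree):
        self.inputs_seen = dict(tree)
        return hashlib.sha256(b"binary:" + tree_digest(tree).encode()).digest()


# Hypothetical stand-in for the release code-signing key (a real pipeline uses a cert/HSM).
SIGNING_KEY = b"toy-release-signing-key"


def sign(artifact):
    return hmac.new(SIGNING_KEY, artifact, "sha256").hexdigest()


def verify(artifact, sig):
    return hmac.compare_digest(sign(artifact), sig)


def clean_build(checkout, compiler):
    return compiler.compile(checkout)


def implant_build(checkout, compiler):
    """Build on a compromised host: the implant replaces one source file for exactly
    the duration of compilation, then restores it so the checkout looks untouched."""
    original = checkout["src/InventoryManager.cs"]
    checkout["src/InventoryManager.cs"] = BACKDOORED_FILE
    try:
        return compiler.compile(checkout)
    finally:
        checkout["src/InventoryManager.cs"] = original


def release_gate(vcs_digest, checkout, compiler, artifact, sig, reference_artifact):
    """Checks a pipeline can apply before a signed build ships.
    Only the last two detect build-time source substitution."""
    checks = {
        # The pipeline signs whatever the compiler emitted, so this always passes.
        "signature_valid": verify(artifact, sig),
        # Post-build diff of the working tree passes: the implant restored the file.
        "checkout_unmodified_after_build": tree_digest(checkout) == vcs_digest,
        # Attest the inputs the compiler actually consumed against the VCS commit.
        "compile_inputs_match_vcs": tree_digest(compiler.inputs_seen) == vcs_digest,
        # Independent rebuild of the same commit on a separate, clean builder.
        "reproducible_rebuild_match": artifact == reference_artifact,
    }
    checks["release_allowed"] = all(checks.values())
    return checks


def run_pipeline(build_fn):
    """Run one build with build_fn, sign its output, and evaluate the release gate."""
    vcs_digest = tree_digest(CLEAN_CHECKOUT)     # digest of the pinned commit
    checkout = dict(CLEAN_CHECKOUT)               # what the build host checked out
    compiler = Compiler()
    artifact = build_fn(checkout, compiler)
    sig = sign(artifact)
    # Reference build on a separate builder the implant never reached.
    reference = Compiler().compile(dict(CLEAN_CHECKOUT))
    return release_gate(vcs_digest, checkout, compiler, artifact, sig, reference)


if __name__ == "__main__":
    for name, fn in (("clean", clean_build), ("implant", implant_build)):
        print(name, run_pipeline(fn))
```

The point of the two passing checks is that they are exactly what a pipeline that trusts its build host tends to rely on: signing proves who released the artefact, not what went into it, and a post-build tree diff only sees the state the implant chose to leave behind. Attesting compile inputs requires instrumenting the build itself (a hermetic or provenance-generating builder), and the reproducible-rebuild comparison requires a second builder whose trust base is independent of the first.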
Concordance protocols that map to this root cause
Primary sources
Related incidents
Other incidents that failed at least one of the same protocols.