SolarWinds is a US-based firm that develops network management software. The subject of this supply chain attack was Orion, a product that's used by around 33,000 customers, including many large corporations and government entities. Attackers managed to insert backdoored code into legitimate software updates for SolarWinds' Orion tool. Allegedly, Russia was behind this attack.
Smith didn’t say who those 1,000 developers worked for, but compared the SolarWinds hack to attacks on Ukraine that had been widely attributed to Russia (which denies involvement).Via: The Register
“What we are seeing is the first use of this supply chain disruption tactic against the United States,” he said. “But it's not the first time we've witnessed it. The Russian government really developed this tactic in Ukraine."