SolarWinds Compromise — Campaign Analysis & Threat Activity

Threat entity extracted from intelligence sources

Frequency
3
occurrences
First Seen
December 12, 2025
Last Seen
June 3, 2026

SolarWinds Compromise is a threat campaign tracked across 3 threat clusters and 3 intelligence report mentions on ThreatCluster. First observed December 12, 2025; most recent activity June 3, 2026.

Overview

The SolarWinds Compromise refers to a high-profile supply-chain intrusion in which attackers breached SolarWinds' Orion software build/update process and inserted a malicious backdoor into legitimate updates, enabling access to thousands of organizations’ networks. Its significance stems from exploiting trusted software delivery to conduct stealthy espionage at scale, prompting a paradigm shift in software supply-chain risk management and incident response.

Related Threat Clusters

  • Exploitation of Remote Services in Cyber Attacks

    Adversaries are increasingly leveraging external remote services like VPNs and Citrix to gain unauthorized access to networks. These attacks often involve using valid accounts obtained through credential harvesting or…

    2 articles · Updated June 3, 2026
  • Oncology Institute Data Breach Exposes Patient Data via Third-Party Vendor

    On May 20, 2026, The Oncology Institute, Inc. was notified of unauthorized access to its systems by Kroll, a third-party vendor. The incident, confirmed in an SEC filing on May 22, 2026, involved patient data…

    6 articles · Updated May 26, 2026
  • Advancements in Application Security Posture Management (ASPM)

    Application Security Posture Management (ASPM) has emerged as a critical evolution in application security, addressing the complexities of selecting effective security solutions. Organizations face challenges with…

    4 articles · Updated December 12, 2025

Recent Intelligence Reports

  • External Remote Services — attack.mitre.org · June 3, 2026
  • MITRE ATT&CK T1199 — attack.mitre.org · May 26, 2026
  • ASPM in Action: 8 Real‑World Use Cases — Paloaltonetworks · December 12, 2025

CVSS v3.1 Breakdown