The SolarWinds hack was a supply-chain attack on approximately 18,000 purchasers of the company s Orion software. The second hack was against Microsoft Exchange servers and had a more familiar trajectory: Attackers found a series of zero-day vulnerabilities that could be chained together to break into any Exchange servers that were internet-accessible and steal all the emails and files stored on them. The twin shocks are the unprecedented scope of the assault and that we got hit so hard with such recognizable weaponry.
Source: https://threatpost.com/solarwinds-hack-seismic-shift/165758/