Trojanized versions of SolarWinds’ Orion IT monitoring and management software have been used in a supply chain attack leading to the breach of government and high-profile companies. The list of victims of this large scale attack, coordinated by what Microsoft and FireEye consider to be nation-state hackers, includes several federal agencies such as the US Treasury and the US National Telecommunications and Information Administration. DHS-CISA has also issued an alert over the weekend warning of active exploitation of trojanized versions which the attackers use to deploy a backdoor on unpatched servers via the update mechanism.
Source: https://www.bleepingcomputer.com/news/security/us-govt-fireeye-breached-after-solarwinds-supply-chain-attack/