SolarWinds, a provider of tools to manage networks and IT systems, appears to be the vector the state-backed attackers used to get in. Its customer list is a who’s who of major corporations, claiming more than 400 of the Fortune 500, not to mention an extensive list of US government agencies. For the US government, the list has expanded to a number of departments, including State, Defense, Homeland Security, Treasury, and Commerce. The value of information that may have been stolen is incalculable, and the results of this attack could be felt for years.”]
Source: https://www.darkreading.com/attacks-breaches/why-the-weakest-links-matter