As the U.S. government parses through the Solar Winds software supply chain breach, many questions still remain as to the motive, the entities targeted, and length of time suspected nation state attackers remained intrenched unseen by the victims. The attack stands at the apex of similar breaches in not only the breadth of organizations compromised (~18,000), but how the attack was executed.
In February 2020, the U.S. Department of Justice (DoJ) issued indictments against four Chinese individuals suspected in conducting the 2017 intrusion into Equifax, a global information solutions company that organizes, assimilates, and analyzes data on consumers and businesses worldwide. The personal data of approximately 145 million U.S. citizens was stolen in the breach. The four suspects are alleged to be members of the People’s Liberation Army’s (PLA) 54th Research Institute.