SolarWinds: The Update That Passed Every Security Check
In the spring of 2020, up to 18,000 organizations installed a software update from a trusted vendor. It was signed. It was verified. Every security check said it was clean. Every one of those checks was correct. What they couldn't verify was what was inside the package before the seal was applied.

This is the full story of SUNBURST — how Russia's SVR compromised SolarWinds' build pipeline, turned a routine software update into a backdoor, and spent nine months reading emails inside the U.S. Treasury, the Department of Homeland Security, the State Department, and dozens of Fortune 500 companies. How FireEye discovered it by investigating their own breach, burned their own toolkit to stop it, and exposed one of the largest intelligence operations in history — in a single day.

Zero Day Logs is an investigative documentary series built entirely from the public record: CISA emergency directives, SEC filings, congressional testimony, and verified forensic findings. Every breach. One episode. Real consequences.

CHAPTERS
00:00 Cold Open — In 2020, They Were Invited
00:41 The Routine Update
01:14 18,000 Organizations
02:07 What Orion Could See
03:58 Inside the Treasury
05:46 Why Every Security Scan Passed
09:16 The Build Pipeline
10:10 Code Signing: The Wax Seal
11:31 The Printing Press Analogy
12:16 Inside the Build Pipeline
14:51 Sunburst Activates
16:52 The DNS Covert Channel
19:36 100 Out of 18,000
19:57 Hands-On Access
25:54 Nine Months of Access
28:03 FireEye's Response
28:44 Pulling the Thread
29:53 December 13, 2020
34:09 Attribution and Sanctions
36:53 The solarwinds123 Password
39:18 The Three Missing Controls
42:32 Defense in Depth
43:08 The Cost of Remediation
48:49 Trust and Verification
54:24 Technical Breakdown + Resources
54:41 Next on Zero Day Logs

Find the full technical breakdown, attack timeline, and downloadable PDF at https://www.zerodaylogs.com

CONNECT
Substack: https://www.zerodaylogs.com
Podcast: Available on Spotify, Apple Podcasts, Amazon Music, and all major platforms

#cybersecurity #solarwinds #sunburst #supplychain #apt29