Supply-chain campaign
SolarWinds SUNBURST (Orion supply chain)
criticalMar 26, 2020 → Dec 13, 2020
What happened
Nation-state compromise of SolarWinds' Orion build pipeline. The attackers injected the SUNBURST backdoor into signed Orion updates distributed to ~18,000 organizations. Distinct from npm/PyPI-style supply chain attacks: the malicious code was in a closed-source enterprise product, not a public package registry. Catalogued here because it's the canonical "vendor build system compromise" — a class of attack the OSV MAL- feed doesn't track directly.