Hackers who breached federal agency networks through software made by a company called SolarWinds appear to have conducted a test run of their broad espionage campaign last year, according to sources with knowledge of the operation.
Five months later, the hackers added new malicious files to the SolarWinds software update servers that got distributed and installed on the networks of federal government agencies and other customers. These new files installed a backdoor on victim networks that allowed the hackers to directly access them. Once inside an infected network, the attackers could have used the SolarWinds software to learn about the structure of the network or alter the configuration of network systems.
Read more in Yahoo News