Gizmodo: “The SolarWinds attack in 2020 was a humiliating all-out assault on U.S. government cybersecurity, and it’s likely that one key reason it’s not more famous is that we still know very little about what the hackers achieved. But we now have a few more crumbs to work with, because new revelations from Bloomberg have revealed that the hackers were in Treasury Department email accounts, essentially doing whatever they wanted. Bloomberg’s reporting comes from a Freedom of Information Act lawsuit, which resulted in the release of a redacted investigation report from the Treasury’s inspector general. To refresh your memory, SolarWinds is a Texas-based information management company that is both a little-known part of the software supply chain, but it’s also ubiquitous and essential. In early 2020 SolarWinds was targeted by an elite, possibly Russia-affiliated entity, and infiltrated through a combination of social engineering and hacking—essentially turning a key piece of its software called Orion Platform into a malware dispenser, spreading its spying tools all over systems belonging to SolarWinds’ clients. That client list included sensitive organizations at the very highest levels like the White House and the NSA, exposing the hackers to communications networks that process classified information…”