SolarWinds: The Update That Wasn't episode artwork

EPISODE · May 5, 2026 · 55 MIN

SolarWinds: The Update That Wasn't

from Zero Day Logs · host ZDL

In the spring of 2020, up to 18,000 organizations installed a software update from a trusted vendor. It was signed. It was verified. Every security check said it was clean. Every one of those checks was correct. What they couldn't verify was what was inside the package before the seal was applied.This is the full story of SUNBURST — how Russia's SVR compromised SolarWinds' build pipeline, turned a routine software update into a backdoor, and spent nine months reading emails inside the U.S. Treasury, the Department of Homeland Security, the State Department, and dozens of Fortune 500 companies. How FireEye discovered it by investigating their own breach, burned their own toolkit to stop it, and exposed one of the largest intelligence operations in history — in a single day.Zero Day Logs is an investigative audio documentary built entirely from the public record: official security advisories, customer post-incident reports, court documents, and verified forensic findings. Every breach. One episode. Real consequences.Find full technical breakdowns, attack timelines, and defensive configurations at zerodaylogs.com. If you found this breakdown valuable, please follow the show and leave a review.____________________CHAPTERS00:00 Cold Open — In 2020, They Were Invited00:41 The Routine Update01:14 18,000 Organizations02:07 What Orion Could See03:58 Inside the Treasury05:46 Why Every Security Scan Passed09:16 The Build Pipeline10:10 Code Signing: The Wax Seal11:31 The Printing Press Analogy12:16 Inside the Build Pipeline14:51 Sunburst Activates16:52 The DNS Covert Channel19:36 100 Out of 18,00019:57 Hands-On Access25:54 Nine Months of Access28:03 FireEye's Response28:44 Pulling the Thread29:53 December 13, 202034:09 Attribution and Sanctions36:53 The solarwinds123 Password39:18 The Three Missing Controls42:32 Defense in Depth43:08 The Cost of Remediation48:49 Trust and Verification54:24 Technical Breakdown + Resources54:41 Next on Zero Day Logs

In the spring of 2020, up to 18,000 organizations installed a software update from a trusted vendor. It was signed. It was verified. Every security check said it was clean. Every one of those checks was correct. What they couldn't verify was what was inside the package before the seal was applied. This is the full story of SUNBURST — how Russia's SVR compromised SolarWinds' build pipeline, turned a routine software update into a backdoor, and spent nine months reading emails inside the U.S. T...

NOW PLAYING

SolarWinds: The Update That Wasn't

0:00 55:24

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Zero Day Logs?

This episode is 55 minutes long.

When was this Zero Day Logs episode published?

This episode was published on May 5, 2026.

What is this episode about?

In the spring of 2020, up to 18,000 organizations installed a software update from a trusted vendor. It was signed. It was verified. Every security check said it was clean. Every one of those checks was correct. What they couldn't verify was what...

Is there a transcript available for this episode?

Yes, a full transcript is available for this episode. You can read the complete transcript on the episode page.

Can I download this Zero Day Logs episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!