We’ve all seen the pop-ups on our laptops or phones: “Update is available, click here to download.”
We’re constantly urged to do as we’re told because these software updates improve our apps by boosting cyber-security and removing glitches.
So when, in the spring, a pop-up message hit the screens of IT staff using a popular piece of software called SolarWinds, around 18,000 workers in companies and governments diligently downloaded the update for their offices.
What they couldn’t have known was that the download was booby-trapped.
SolarWinds itself didn’t know either.
The US company had been the victim of a cyber-attack weeks previously that had seen hackers inject a tiny piece of secret code into the company’s next software update.
After staying dormant for a couple of weeks, the powerful digital helper sprang to life inside thousands of computer networks in government, technology and telecom organisations across North America, Europe, Asia and the Middle East.
connected to this
h/t Coastie Patriot