Last December, cybersecurity professionals began to unravel an extraordinary cyberattack on a little-known company based in Texas called SolarWinds. By hijacking the firm’s software-update mechanism, the hackers had gained the means for covert entry into their choice of thousands of unsuspecting customers.
That attack, which the US government blamed on Russia, infiltrated scores of federal agencies and private companies and was widely described as one of the worst intelligence failures in history. Things, it seemed, couldn’t get much worse.