The scale of the SolarWinds breach is still unclear, the operator said

We need to increase the sharing of threat intelligence. Now, that is the term in the cybersecurity community for information about the attacks that people are seeing. And our fundamental challenge today is that that information too frequently exists in cellars. It exists in government vaults, exists in different companies. It doesn’t go together. Who knows what all happened here? An entity knows. That is the attacker. Perhaps the most important finding to date in our investigation is the threat agent used to bring Sunburst into our Orion platform. Sunspot, which we discovered is at serious risk of automated supply chain attacks across many software development companies, because the software processes that SolarWinds use are common across the industry. Attackers have infiltrated through a SolarWinds implant and the first thing they do is get your keys, tokens. Essentially, they stole your identity architecture, so they can gain access to your network the same way your people did. And that is why this attack is so hard to find. These attackers from Day One, they have backdoors. Imagine almost a secret door to your home; And the first thing that happens when they go through that secret door is that all your keys are right there. They just take them. And now they can hack into any lock you have in your home.