In the spring of 2020, up to 18,000 organizations installed a software update from a trusted vendor. It was signed. It was verified. Every security check said it was clean. Every one of those checks was correct. What they couldn't verify was what was inside the package before the seal was applied.

This is the full story of SUNBURST — how Russia's SVR compromised SolarWinds' build pipeline, turned a routine software update into a backdoor, and spent nine months reading emails inside the U.S. Treasury, the Department of Homeland Security, the State Department, and dozens of Fortune 500 companies. How FireEye discovered it by investigating their own breach, burned their own toolkit to stop it, and exposed one of the largest intelligence operations in history — in a single day.

Zero Day Logs is an investigative audio documentary built entirely from the public record: official security advisories, customer post-incident reports, court documents, and verified forensic findings. Every breach. One episode. Real consequences.

Find full technical breakdowns, attack timelines, and defensive configurations at zerodaylogs.com. If you found this breakdown valuable, please follow the show and leave a review.

____________________

CHAPTERS
00:00 Cold Open — In 2020, They Were Invited
00:41 The Routine Update
01:14 18,000 Organizations
02:07 What Orion Could See
03:58 Inside the Treasury
05:46 Why Every Security Scan Passed
09:16 The Build Pipeline
10:10 Code Signing: The Wax Seal
11:31 The Printing Press Analogy
12:16 Inside the Build Pipeline
14:51 Sunburst Activates
16:52 The DNS Covert Channel
19:36 100 Out of 18,000
19:57 Hands-On Access
25:54 Nine Months of Access
28:03 FireEye's Response
28:44 Pulling the Thread
29:53 December 13, 2020
34:09 Attribution and Sanctions
36:53 The solarwinds123 Password
39:18 The Three Missing Controls
42:32 Defense in Depth
43:08 The Cost of Remediation
48:49 Trust and Verification
54:24 Technical Breakdown + Resources
54:41 Next on Zero Day Logs