Since approximately last March, SolarWinds software updates have included an unwanted bit of extra code. Attackers – thought to be Russian state actors – injected malware into signed software updates, giving them what’s been described as a “toehold into the network,” and creating opportunities for privilege escalation attacks.