The charges stem from alleged fraud and internal control failures related to known cybersecurity weaknesses that took place between the company’s October 2018 initial public offering (IPO) and its December 2020 revelation of a sophisticated cyberattack dubbed “SUNBURST.”

The software supply chain cyberattack involved Russia-linked threat actors breaching SolarWinds systems in 2019, or possibly even earlier. The hackers compromised the automated build environment for the company’s Orion monitoring software, and in the spring of 2020 they pushed out malicious Orion updates to SolarWinds customers.