In the SolarWinds incident, up to 18,000 companies could have received the malware injected into the SolarWinds software. Not all could have been affected. Many of these ‘victims’ did not install the infected version, and many others did so on servers with no internet connectivity. Of those companies that did receive the Nobelium Sunburst malware, only a relatively small number received any follow up attention from the hackers. In the final analysis, fewer than 100 victims’ servers communicated with the hackers. These were important companies and government offices that would be of interest to a foreign adversary state.