Microsoft, FireEye confirm SolarWinds supply chain attack: Known victims so far include the US Treasury, the US NTIA, and FireEye itself
https://www.zdnet.com/article/microsoft-fireeye-confirm-solarwinds-supply-chain-attack/
A hack initially corrupted a SolarWinds file, after which that corrupted SolarWinds file was installed on various Windows OS-based machines as part of routine updating.
The hacked file hatches, you might say, active hack commands that find certain files and delete those certain files.
The hack tries to hide its tracks, and then force a reboot of the Windows OS based machine.
It is a cover-up.
If the affected Windows machine has event logging enabled and those logs are sent elsewhere, clearing the log and rebooting the machine does no good.
I can tell you factually that every single one of our Windows Desktops and Servers sends their logfiles to a secure event logging solution where those logfiles cannot be manipulated or deleted.
It doesn't take much to then filter through the events to see what's happened/happening with any of our Windows (and Linux) servers, of which there are about 16,000 total.
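As an added illustration that is not part of the original post, the sketch below filters centrally stored Windows events for the pattern described above: an event log being cleared, followed shortly by a reboot of the same host. The JSON field names, host names and sample records are constructed assumptions; the event IDs are the standard Windows ones noted in the comments.

```python
import json
from datetime import datetime, timedelta

# Standard Windows event IDs:
#   1102 = Security audit log cleared, 104 = another event log cleared,
#   1074 = shutdown/restart initiated, 6005 = Event Log service started (boot).
LOG_CLEARED = {1102, 104}
REBOOT = {1074, 6005}

# Constructed sample of forwarded events, one JSON object per line.
# The field names (host, time, event_id) are assumptions for this example.
SAMPLE = """\
{"host": "ws-0141", "time": "2020-12-14T09:02:11", "event_id": 4624}
{"host": "ws-0141", "time": "2020-12-14T09:05:40", "event_id": 1102}
{"host": "ws-0141", "time": "2020-12-14T09:06:02", "event_id": 1074}
{"host": "srv-0007", "time": "2020-12-14T03:00:00", "event_id": 1074}
{"host": "srv-0007", "time": "2020-12-14T03:02:30", "event_id": 6005}
{"host": "srv-0020", "time": "2020-12-14T11:15:00", "event_id": 104}
{"host": "srv-0020", "time": "2020-12-14T18:40:00", "event_id": 1074}
"""

def find_clear_then_reboot(lines, window=timedelta(minutes=10)):
    """Return (host, cleared_at, rebooted_at) for each reboot that follows
    a log-clear event on the same host within `window`."""
    events = []
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append((rec["host"],
                       datetime.fromisoformat(rec["time"]),
                       int(rec["event_id"])))
    events.sort(key=lambda e: (e[0], e[1]))  # group by host, then by time

    last_clear = {}  # host -> time of most recent unmatched log clear
    hits = []
    for host, ts, eid in events:
        if eid in LOG_CLEARED:
            last_clear[host] = ts
        elif eid in REBOOT and host in last_clear:
            cleared = last_clear.pop(host)
            if ts - cleared <= window:
                hits.append((host, cleared.isoformat(), ts.isoformat()))
    return hits

if __name__ == "__main__":
    for hit in find_clear_then_reboot(SAMPLE.splitlines()):
        print(*hit)
```

The scheduled reboot on `srv-0007` and the log clear on `srv-0020` that is hours away from its reboot are not flagged; only the clear-then-reboot sequence on `ws-0141` is.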