1. How was the bad actor able to bundle the DLL as part of a SolarWinds / Orion update?
2. How was the bad actor able to get a valid certificate to sign the DLL?
3. The bad actor seemed to know a lot about the inner workings of SolarWinds / Orion.
Am I the only person that suspects an insider agent was or is working for SolarWinds?
No. An insider bad actor or incompetence is always first on my list. Equifax got hacked because a server didn't get patched in a timely manner. I don't rule out that the SolarWinds hack could be the mother of all hacks, but I doubt it...
Bribery, intimidation, insiders preferring convenience, and carelessness . . . are the usual suspects.
Caring less: Insiders give up enough clues to what their password might be, or insiders outright give away their password.
That is one of the reasons that nobody should expose their lives to online forums. Because the bad actors collect information and assess The Top Ten most vulnerable insiders, every day. And the bad actors just wait for opportune moments.
*That* is the leading pry-bar that gets hackers into health care systems.
Every day, bad actors wait for network users to do something that leaves a door open.