> As customers downloaded the update, they unwittingly pulled down and installed the backdoor at the same time. The malicious code was itself cleverly designed, would execute commands, and provided remote admin access. The hackers then used that foothold to create and cryptographically sign the necessary security tokens to hoodwink systems into believing subsequent access to other accounts and resources was legitimate.
https://www.theregister.com/2020/12/15/solar_winds_update/