A quick summary: a group of cyber-criminals hacked the developer of a very popular software platform used by corporate IT. They then added a backdoor to that company's software updates, infecting any company that downloaded & applied those updates. Once they were *in*, they went deeper into targeted networks, covering their tracks as they went. At least partly because of the world-class skill & expertise used, the attacks have been attributed to a nation-state -- most everything I've read says Russia, though AFAIK no government has verified that they're behind it. The same group of cyber-criminals has also been staging other attacks that don't rely on the hacked updates, both before and during this attack.
FireEye, the computer security company that first found the attack, discovered it when the cyber-criminals added their own hardware as a trusted member of FireEye's network(s). FireEye has reported that the tools it uses to test network security etc. were stolen, but it is still investigating, trying to find out how far and how deep the cyber-criminals got. It's been big news chiefly because several networks run by the US gov were also compromised, though there's no definite word on which ones or what was stolen.
zdnet[.]com/article/microsoft-fireeye-confirm-solarwinds-supply-chain-attack/
zdnet[.]com/article/microsoft-was-also-breached-in-recent-solarwinds-supply-chain-hack-report/
zdnet[.]com/article/solarwinds-said-no-other-products-were-compromised-in-recent-hack/
zdnet[.]com/article/microsoft-says-it-identified-40-victims-of-the-solarwinds-hack/
zdnet[.]com/article/microsoft-and-industry-partners-seize-key-domain-used-in-solarwinds-hack/
zdnet[.]com/article/microsoft-to-quarantine-solarwinds-apps-linked-to-recent-hack-starting-tomorrow/
blogs.microsoft[.]com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/