When looking at the Sunburst attack and the effect that the supply chain attack on Orion platform as a springboard to infect 18,000 downstream customers. This gives a better understanding of the Threat Actor's capabilities and a deep dive into what happened during each stage of the attack. We discuss the access the Threat Actors had on cloud platforms and what was stored onto the Orion databases. Finally, we go into what we can expect in future supply chain attacks and how to prevent them.