A judge has mostly thrown out a lawsuit brought by the U.S. financial watchdog that accused SolarWinds and its chief infosec officer of misleading investors about its data security practices and the backdoor of its Orion product.

In a ruling Thursday [PDF], US Federal District Judge Paul Engelmayer dismissed all so-called "post-SUNBURST" claims brought by the SEC against SolarWinds. That is, all claims against SolarWinds for what followed the 2019-2020 SUNBURST attack.

SUNBURST is the code name for some technologically advanced backdoor malicious Russian spies planted in IT network monitoring software Orion after the snoopers gained access to SolarWind's internal infrastructure.

Orion is used by approximately 18,000 organizations, including Microsoft and the US Departments of State, Treasury, Homeland Security and Commerce, making this a classic supply-chain attack. Infect a product that many valuable targets use so that when they will deploy the compromised code on their networks, you now have remote access to those systems.