How would SolarWinds know about it if it wasn't publicly disclosed until today?

Also, I realize the SAML -> SolarWinds connection is a bit of speculation on my part, but SAML is mentioned in Microsoft's advisory: https://msrc-blog.microsoft.com/2020/12/13/customer-guidance...

It sounds like a privilege escalation using the Go/SAML issue.

Also, this hack happened in March, so your timeline is irrelevant.