SolarWinds hack investigation reveals new Sunspot malware


CrowdStrike researchers have documented Sunspot, a piece of malware used by the SolarWinds attackers to insert the Sunburst malware into the company’s Orion software.

SolarWinds has also revealed a new timeline for the incident and the discovery of two customer support incidents that it believes may be related to the Sunburst malware being deployed on customer infrastructure.

Finally, Kaspersky Lab researchers have discovered several similarities between the Sunburst malware and a backdoor that has been linked to the Turla APT group (widely believed to be sponsored by the Russian state).