
New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor
2020-12-17 02:24

A new report published by ReversingLabs today and shared in advance with The Hacker News has revealed that the operators behind the espionage campaign likely managed to compromise the software build and code signing infrastructure of the SolarWinds Orion platform as early as October 2019 to deliver the malicious backdoor through its software release process.

"The source code of the affected library was directly modified to include malicious backdoor code, which was compiled, signed, and delivered through the existing software patch release management system," ReversingLabs' Tomislav Pericin said.

Cybersecurity firm FireEye earlier this week detailed how multiple SolarWinds Orion software updates, released between March and June 2020, were injected with backdoor code to conduct surveillance and execute arbitrary commands on target systems.

The idea, according to Pericin, was to compromise the build system, quietly inject their own code into the source code of the software, wait for the company to compile and sign the packages, and finally verify that their modifications showed up in the newly released updates as expected.

Over 4,000 Sub-domains Compromised by SUNBURST

SolarWinds said up to 18,000 of its customers may have been impacted by the supply chain attack while urging Orion platform users to update the software to version 2020.2.1 HF 2 as soon as possible to secure their environments.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/HPHQs0YyzEs/new-evidence-suggests-solarwinds.html