Security News > 2021 > January > New Sunspot malware found while investigating SolarWinds hack
"The design of SUNSPOT suggests StellarParticle developers invested a lot of effort to ensure the code was properly inserted and remained undetected, and prioritized operational security to avoid revealing their presence in the build environment to SolarWinds developers," CrowdStrike found.
This is the third malware strain found while investigating the SolarWinds supply-chain attack and associated with the threat actor tracked as StellarParticle(CrowdStrike), UNC2452(FireEye), and Dark Halo.
A fourth malware, not linked to the StellarParticle hackers but also delivered using trojanized Orion builds, was also discovered by Palo Alto Networks Unit 42 and Microsoft while investigating the SolarWinds supply-chain attack.
While we learned of the SolarWind hack on December 13th, the first disclosure of its consequences was made on December 8th by leading cybersecurity firm FireEye which revealed that it was hacked by a nation-state hacking group.
As part of the attack, the hackers gained access to the SolarWinds Orion build system and injected the sunburst backdoor into a legitimate DLL used by the SolarWinds Orion IT management software.
Even though the timeline of the SolarWinds attack starts in September 2019, the date when the earliest suspicious activity was found on SolarWinds internal network, the identity of the hacking group behind this supply-chain attack is still unknown.