'Sunspot' Malware Used to Insert Backdoor Into SolarWinds Product in Supply Chain Attack (Security News, January 2021)

CrowdStrike, one of the cybersecurity companies called in by IT management firm SolarWinds to investigate the recently disclosed supply chain attack, on Monday shared details about a piece of malware used by the attackers to insert a backdoor into SolarWinds' Orion product.
According to CrowdStrike, the threat group behind the attack on SolarWinds used a piece of malware named Sunspot to inject the previously analyzed Sunburst backdoor into the Orion product without being detected.
SolarWinds said the attackers created trojanized Orion updates containing the Sunburst backdoor and delivered them to as many as 18,000 customers.
An analysis conducted by CrowdStrike revealed that the hackers deployed Sunspot on SolarWinds systems.
When Sunspot detects an Orion build process running, it replaces a single source code file with a version that includes the Sunburst backdoor.
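The mechanism described above, a source file swapped on the build host between checkout and compilation, is detectable if the build pipeline re-verifies the source tree immediately before the compiler runs. The following is an added example, not code from CrowdStrike, SolarWinds or the original article: it records SHA-256 digests of a checkout into a manifest, then re-checks the tree right before the build step and reports any file that was modified, removed or added in between. The file names and contents in the demo are constructed for illustration.

```python
"""Pre-build source-tree integrity check (added example, not CrowdStrike's or
SolarWinds' code). Assumes the build host records a manifest of SHA-256
digests at checkout time and re-verifies the tree right before handing it to
the compiler, so a file replaced on disk in the meantime is flagged."""
import hashlib
import os
import tempfile


def sha256_file(path):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (as a relative POSIX path) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_tree(root, manifest):
    """Compare the tree on disk against a previously recorded manifest.

    Returns a sorted list of (relative_path, finding) where finding is
    'modified', 'missing' or 'unexpected'. An empty list means the tree
    matches exactly and the build may proceed."""
    current = build_manifest(root)
    findings = []
    for rel, expected in manifest.items():
        actual = current.get(rel)
        if actual is None:
            findings.append((rel, "missing"))
        elif actual != expected:
            findings.append((rel, "modified"))
    for rel in current:
        if rel not in manifest:
            findings.append((rel, "unexpected"))
    return sorted(findings)


def demo():
    """Constructed scenario: a two-file checkout is recorded in a manifest,
    then one source file is overwritten before the build step runs."""
    with tempfile.TemporaryDirectory() as root:
        src = os.path.join(root, "src")
        os.makedirs(src)
        with open(os.path.join(src, "Main.cs"), "w") as f:
            f.write("class Main { static void Run() {} }\n")
        with open(os.path.join(src, "Inventory.cs"), "w") as f:
            f.write("class Inventory { void Refresh() {} }\n")
        manifest = build_manifest(root)  # recorded at checkout time
        # Simulated tampering between checkout and compile: the file is
        # replaced with a version that differs from what was checked out.
        with open(os.path.join(src, "Inventory.cs"), "w") as f:
            f.write("class Inventory { void Refresh() { Extra.Init(); } }\n")
        return verify_tree(root, manifest)


if __name__ == "__main__":
    findings = demo()
    for rel, finding in findings:
        print(f"{finding}: {rel}")
    if findings:
        print("source tree does not match checkout; refusing to build")
```

In a real pipeline the manifest should come from a source the build host cannot rewrite (for example, hashes computed from the version-control commit on a separate system), and a non-empty result should fail the build rather than merely log.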
CrowdStrike says it currently does not attribute any of the malware used in the SolarWinds attack to a known threat actor, and it has decided to track the campaign as an activity cluster named StellarParticle.