Strain was used to create an opening for other malware
Security firm CrowdStrike identified and named the strain Sunspot, adding that it was also the first of the three to be used -- the other two are called Sunburst and Teardrop.
Sunspot was planted on the SolarWinds build server, creating the opening for Sunburst to first enter the system, according to CrowdStrike's report.
The main goal was to watch Orion – a top SolarWinds product – and replace source code with Sunburst malware.
Kaspersky released an independent report on the same day, finding “code overlaps” between Sunburst malware and Kazuar, a malware strain linked to the Turla group, a Russian state-sponsored, cyber-espionage group.
The firm made no accusations or direct connections between Turla and the SolarWinds hack, according to ZDNet.
The attack blended extraordinarily stealthy tradecraft, using cyber tools never before seen in a previous attack, with a strategy that zeroed in on a weak link in the software supply chain that all U.S. businesses and government institutions rely on -- an approach security experts have long feared but one that has never been used on U.S. targets in such a concerted way.
Government agencies and cybersecurity experts are still working to piece together the massive suspected espionage operation. At least six federal agencies, including the departments of State, Homeland Security, Commerce and Energy, were hacked as part of the campaign.
Federal investigators have concluded that the Russian government is likely responsible for the hack in part because of the level of skill involved. Several senators who have received briefings in recent days have openly referred to it as a Russian operation.
Moscow has denied responsibility.
A SolarWinds shareholder filed a class-action lawsuit against the company's presiden