Injecting a Backdoor into SolarWinds Orion

January 19, 2021

Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process:
Key Points
SUNSPOT is StellarParticle’s malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product.
SUNSPOT monitors running processes for those involved in compilation of the Orion product and replaces one of the source files to include the SUNBURST backdoor code.
Several safeguards were added to SUNSPOT to avoid the Orion builds from failing, potentially alerting developers to the adversary’s presence…Schneier on SecurityRead More