Recently, we reported the attack against Microsoft, which ended up compromising much of its information and communications with customers. In this case, as reported by ZDNet, SolarWinds is reportedly the company that held this data and information, which has shed light on how hackers compromised the development of the SolarWinds application Orion.
CrowdStrike, which is investigating the incident, reportedly discovered a third malware component involved, which has been named Sunspot; it was found after Sunburst and Teardrop. Although Sunspot was the last to be discovered, it was the first to be used by the attackers. According to specialists, the purpose of this malware was to monitor the build server that hosted Orion, SolarWinds' main product.
In this way, customers using Orion received Trojans, which reached SolarWinds' update servers and were installed on the networks of many of the company's customers. Once this happened, Sunburst activated malicious material within those networks, which reportedly allowed it to collect data from its victims and then send the information to the hackers.