SUNSPOT

Sunspot is an implant that injected the SUNBURST backdoor into the SolarWinds Orion software update. It was used by UNC2452 since at least February 2020.[1]

Techniques Used

Domain ID Name Use
Enterprise VT0004 .002 Supply Chain Compromise: Compromise Software Supply Chain

SUNSPOT malware was designed and used to insert SUNBURST into the software build of the SolarWinds Orion IT management product.[1]

References

Attachments

ID
VS0003
Type
MALWARE
Platforms
Windows
Version
1.0

Created: 04 March 2021

Last Modified: 04 March 2021