If you’ve been keeping up with the information security world even a little, you’ve certainly heard of the recent supply chain attack on the SolarWinds Orion product: a truly sophisticated attack that showed what a determined group with a lot of patience and skill can do.
A lot of research has been done on the techniques and tactics used by the “SUNBURST” backdoor, and a lot of blog posts have been published describing it in extreme detail.
But one of the recent blog posts by CrowdStrike, dubbed “SUNSPOT: An Implant in the Build Process”, details how the threat actors were able to inject the “SUNBURST” backdoor into the source code of the SolarWinds Orion IT management product.