SolarWinds suffers severe supply chain attack

ReversingLabs’ analysis of how the attackers compromised the SolarWinds Orion software release process by blending in with the affected code base, mimicking the developer’s coding style and naming standards.

Sophos and ReversingLabs on Monday announced SoReL-20M, a database of 20 million Windows Portable Executable files, including 10 million malware samples.

Sophos and ReversingLabs released SoReL-20M, a database containing 20 million Windows Portable Executable files, including 10M malware samples.

While SUNBURST activity was only identified in December 2020, analysis of campaign details and further analysis of SolarWinds software indicates the event may have started, at least in preparatory phases, over a year prior.

An investigation conducted by threat intelligence firm ReversingLabs showed that the first version of the Orion software modified by the hackers was actually from October 2019.