Sophos and ReversingLabs on Monday announced SoReL-20M, a database of 20 million Windows Portable Executable files, including 10 million malware samples.

Sophos and ReversingLabs released SoReL-20M, a database containing 20 million Windows Portable Executable files, including 10M malware samples.

While SUNBURST activity was only identified in December 2020, analysis of campaign details and further analysis of SolarWinds software indicates the event may have started, at least in preparatory phases, over a year prior.

An investigation conducted by threat intelligence firm ReversingLabs showed that the first version of the Orion software modified by the hackers was actually from October 2019.

ReversingLabs discloses compilation artifacts confirming that Orion source code was directly modified to include a malicious backdoor

The source code of the affected library was directly modified to include malicious backdoor code