Another backdoor has been tentatively linked to the hackers behind SolarWinds.
Researchers have uncovered a new connection between Tomiris and the APT behind the SolarWinds breach, DarkHalo.
On Wednesday at the Kaspersky Security Analyst Summit (SAS), researchers said that a new campaign revealed similarities to DarkHalo's Sunshuttle, as well as "target overlaps" with Kazuar.
The SolarWinds incident took place in 2020. FireEye and Microsoft revealed the breach, in which SolarWinds's Orion network management software was compromised in a software update-based supply-chain attack that impacted as many as 18,000 customers.