US Cyber Command and the Department of Homeland Security are preparing to publish a detailed analysis of the hacking tools used in the SolarWinds attack, in which suspected Russian spies targeted multiple federal agencies and private firms last year. According to sources, the report will detail 18 pieces of malware used in the attack. CYBERCOM and CISA have said the goal of releasing this report is “reduced exposure to malicious activity” for U.S. organizations. The scheduling of the report remains in flux, with at least one promised date retracted.
The report describes a backdoor dubbed Sunshuttle, which gave the hackers access; a popular webshell called China Chopper, which prevents access from being cut off; and a tool called Sibot that masquerades as Windows software to infect targeted machines. Current and former government officials have claimed that the hackers breached email accounts belonging to former acting DHS head Chad Wolf and other senior members of the DHS cybersecurity division.