USA to publish detailed analysis of SolarWinds hacking tools

The report details 18 pieces of malware used in the attack, including the Sunshuttle backdoor, China Copper webshell and covert Sibot tool

US Cyber Command and the Department of Homeland Security (DHS) are preparing to release a detailed analysis of the hacking tools used in the SolarWinds attack, which targeted multiple federal agencies and private firms last year.

The report was originally scheduled to be released on Wednesday, but the DHS delayed it without explanation. However, it's still expected to be published soon.

The report provides details on 18 pieces of malware used by suspected Russian hackers to infiltrate US entities. Potentially, it could enable organisations to discover malicious artefacts in their own systems, and take appropriate action to remove them

One of the tools analysed is a backdoor named Sunshuttle, which provides hackers with persistent access to a network. Another is called Sibot: a covert tool that masquerades as Windows software.

The report also talks about a webshell called China Chopper, which enables hackers to maintain access to a network. According to US officials, this popular script was found as a customised hacking tool on the network of an alleged Russian group.

The analysis also describes in detail how the SolarWinds attackers were able to move from one network to another.

Earlier this week, the Associated Press (AP) cited current and former government officials to claim that the SolarWinds hackers had breached email accounts belonging to Chad Wolf, former acting head of the DHS, and other senior members of the DHS's cybersecurity division (CSD).

The intelligence value of the breach is not known at the moment, although it is a potently symbolic gesture.

It has been nearly three months since the release of an initial statement from US cyber security agencies, which claimed that 'an Advanced Persistent Threat (APT) actor, likely Russian in origin, was responsible for most or all' of the cyber compromises in the SolarWinds hack.

Earlier this month, the New York Times said that the US government is preparing to conduct cyber attacks against Russia, after concluding that the country was involved. Russia has denied its involvement in the breach.

Citing unnamed government officials, the news outlet claimed that the US might take actions that may not be evident to outsiders but would send a clear signal to Moscow.

The sources added that the Biden administration could also impose economic sanctions against Russia.

Jake Sullivan, Joe Biden's national security adviser, said this week that the White House was in the "closing stages" of deciding how to respond to the SolarWinds hack.

"We're in the closing stages of that process with options that will be presented at the highest levels here," he told Bloomberg in an interview.

Sullivan added that the Biden administration is working on remediation measures and to make sure that the vulnerabilities of federal networks are addressed as quickly as possible.