Crowdstrike researchers have documented Sunspot, a piece of malware used by the SolarWinds attackers to insert the Sunburst malware into the company’s Orion software. Solarwinds has also revealed a new timeline for the incident and the discovery of two customer support incidents that they believe may be related to Sunburst. Kaspersky Lab researchers have also discovered several similarities between the malware and a backdoor that has been linked to the Turla APT group (widely believed to be sponsored by the Russian state)
Source: https://www.helpnetsecurity.com/2021/01/12/solarwinds-sunspot/