New Tool Helps Check a Site For SolarWinds Attack

         

engine

12:26 pm on Jan 20, 2021 (gmt 0)


FireEye has released a report, and a new tool which helps companies check if SolarWinds attackers used their techniques on their networks.
The tool is available on GitHub. [github.com...]

The SolarWinds hack came to light on December 13, 2020, when FireEye and Microsoft confirmed that a threat actor broke into the network of IT software provider SolarWinds and poisoned updates for the Orion app with malware.

The malware, known as Sunburst (or Solorigate), was used to gather info on infected companies. Most of the 18,000 SolarWinds customers who installed a trojanized version of the Orion app were ignored, but for some selected targets, the hackers deployed a second strain of malware known as Teardrop and then used several techniques to escalate access inside the local network and to the company's cloud resources, with a special focus on breaching Microsoft 365 infrastructure.

[zdnet.com...]