Adding to the confusion was a plethora of new names for different aspects of the attacks from both companies.
In a blog post, Microsoft said it had identified three new pieces of malware that were being used in late-stage attacks by the actor behind the SolarWinds attacks, which it called NOBELIUM.
The new malware was given the names GoldMax, Sibot and GoldFinder. A huge amount of technical detail about how the three malware specimens operated was provided, but there was no indication as to the end-game.
Similarly, Mandiant said it had found a new backdoor named SUNSHUTTLE which had been uploaded to a public malware repository by a US-based entity.
However, Mandiant said it had not fully verified the connections between SUNSHUTTLE and UNC2542, even though it claimed there was a link.
Last week, FireEye chief executive Kevin Mandia told a US Government panel that he was still not aware of how the SolarWinds attackers had gained a foothold to begin their attacks.