Security News > 2020 > December > SolarWinds releases known attack timeline, new data suggests hackers may have done a dummy run last year
In an 8-K filing to the US Securities and Exchange Commission, SolarWinds has given more details on exactly how it learned its servers were spewing out malware.
Security shop FireEye, as well as other sources, have confirmed that the main malware controller being used in the SolarWinds attack has been killed off this week.
Hackers unknown, believed to be state-sponsored, have been romping through some 18,000 of SolarsWinds' Origin customer servers using malware installed via an update server.
"Sunburst is the malware that was distributed through SolarWinds software. As part of FireEye's analysis of Sunburst, we identified a killswitch that would prevent Sunburst from continuing to operate," the company told The Reg.
"Our hypothesis is that either the extensions were deliberately created with the malware built in, or the author waited for the extensions to become popular, and then pushed an update containing the malware," said Jan Rubín, malware researcher at Avast.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/12/21/in_brief_security/
Related news
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks (source)