Security News > 2021 > January > 'Sunspot' Malware Used to Insert Backdoor Into SolarWinds Product in Supply Chain Attack
CrowdStrike, one of the cybersecurity companies called in by IT management firm SolarWinds to investigate the recently disclosed supply chain attack, on Monday shared details about a piece of malware used by the attackers to insert a backdoor into SolarWinds' Orion product.
According to CrowdStrike, the threat group behind the attack on SolarWinds used a piece of malware named Sunspot to inject the previously analyzed Sunburst backdoor into the Orion product without being detected.
SolarWinds said the attackers created trojanized Orion updates containing the Sunburst backdoor and delivered them to as many as 18,000 customers.
An analysis conducted by CrowdStrike revealed that the hackers deployed Sunspot on SolarWinds systems.
If such a process is detected, Sunspot replaces a single source code file to include the Sunburst backdoor.
CrowdStrike says it currently does not attribute any of the malware used in the SolarWinds attack to a known threat actor, and it has decided to track the campaign as an activity cluster named StellarParticle.
News URL
Related news
- EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files (source)
- CISA warns critical SolarWinds RCE bug is exploited in attacks (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- New Tickler malware used to backdoor US govt, defense orgs (source)
- New Tickler malware used to backdoor US govt, defense orgs (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- Revival Hijack supply-chain attack threatens 22,000 PyPI packages (source)
- New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm (source)
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (source)
- Chinese hackers use new data theft malware in govt attacks (source)