
FireEye finds new malware likely linked to SolarWinds hackers
2021-03-04 18:04

FireEye discovered a new "sophisticated second-stage backdoor" on the servers of an organization compromised by the threat actors behind the SolarWinds supply-chain attack.

The new malware is dubbed Sunshuttle, and it was "uploaded by a U.S.-based entity to a public malware repository in August 2020."

FireEye researchers Lindsay Smith, Jonathan Leathery, and Ben Read believe Sunshuttle is linked to the threat actor behind the SolarWinds supply-chain attack.

If the connection made by FireEye with the state hackers behind the SolarWinds hack checks out, Sunshuttle would be the fourth malware found while investigating the supply-chain attack.

FireEye also found a third malware, named Teardrop, a previously unknown memory-only dropper and post-exploitation tool that the attackers used to deploy customized Cobalt Strike beacons.

A fourth malware, Raindrop, was found by Symantec; it is similar to Teardrop and was used by the SolarWinds hackers to deliver Cobalt Strike beacons during post-exploitation.


News URL

https://www.bleepingcomputer.com/news/security/fireeye-finds-new-malware-likely-linked-to-solarwinds-hackers/

Related vendor

VENDOR       LAST 12M #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Solarwinds   56                    33    103      81     51         268
Fireeye      8                     0     8        2      0          10