FireEye finds new malware likely linked to SolarWinds hackers (Security News, March 2021)
FireEye discovered a new "sophisticated second-stage backdoor" on the servers of an organization compromised by the threat actors behind the SolarWinds supply-chain attack.
The new malware is dubbed Sunshuttle, and it was "uploaded by a U.S.-based entity to a public malware repository in August 2020."
FireEye researchers Lindsay Smith, Jonathan Leathery, and Ben Read believe Sunshuttle is linked to the threat actor behind the SolarWinds supply-chain attack.
If the connection made by FireEye with the state hackers behind the SolarWinds hack checks out, Sunshuttle would be the fourth malware found while investigating the supply-chain attack.
FireEye also found a third malware, named Teardrop: a previously unknown memory-only dropper and post-exploitation tool the attackers used to deploy customized Cobalt Strike beacons.
Symantec found a fourth malware, Raindrop, which is similar to Teardrop and was used by the SolarWinds hackers to deliver Cobalt Strike beacons during post-exploitation.