Security News > 2021 > March > FireEye finds new malware likely linked to SolarWinds hackers
FireEye discovered a new "Sophisticated second-stage backdoor" on the servers of an organization compromised by the threat actors behind the SolarWinds supply-chain attack.
The new malware is dubbed Sunshuttle, and it was "Uploaded by a U.S.-based entity to a public malware repository in August 2020.".
FireEye researchers Lindsay Smith, Jonathan Leathery, and Ben Read believe Sunshuttle is linked to the threat actor behind the SolarWinds supply-chain attack.
If the connection made by FireEye with the state hackers behind the SolarWinds hack checks out, Sunshuttle would be the fourth malware found while investigating the supply-chain attack.
FireEye found a third malware named Teardrop, a previously unknown memory-only dropper and a post-exploitation tool the attackers used to deploy customized Cobalt Strike beacons.
A fourth malware, Symantec found Raindrop, a malware similar to Teardrop used by the SolarWinds hackers to deliver Cobalt Strike beacons during post-exploitation.
News URL
Related news
- Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- South Korean hackers exploited WPS Office zero-day to deploy malware (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- Fake OnlyFans cybercrime tool infects hackers with malware (source)
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware (source)
- North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)