Security News > 2021 > March > FireEye finds new malware likely linked to SolarWinds hackers

FireEye discovered a new "Sophisticated second-stage backdoor" on the servers of an organization compromised by the threat actors behind the SolarWinds supply-chain attack.
The new malware is dubbed Sunshuttle, and it was "Uploaded by a U.S.-based entity to a public malware repository in August 2020.".
FireEye researchers Lindsay Smith, Jonathan Leathery, and Ben Read believe Sunshuttle is linked to the threat actor behind the SolarWinds supply-chain attack.
If the connection made by FireEye with the state hackers behind the SolarWinds hack checks out, Sunshuttle would be the fourth malware found while investigating the supply-chain attack.
FireEye found a third malware named Teardrop, a previously unknown memory-only dropper and a post-exploitation tool the attackers used to deploy customized Cobalt Strike beacons.
A fourth malware, Symantec found Raindrop, a malware similar to Teardrop used by the SolarWinds hackers to deliver Cobalt Strike beacons during post-exploitation.
News URL
Related news
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign (source)