FireEye finds new malware likely linked to SolarWinds hackers (Security News, March 2021)
FireEye discovered a new "Sophisticated second-stage backdoor" on the servers of an organization compromised by the threat actors behind the SolarWinds supply-chain attack.
The new malware is dubbed Sunshuttle, and it was "uploaded by a U.S.-based entity to a public malware repository in August 2020."
FireEye researchers Lindsay Smith, Jonathan Leathery, and Ben Read believe Sunshuttle is linked to the threat actor behind the SolarWinds supply-chain attack.
If FireEye's attribution to the state hackers behind the SolarWinds hack holds up, Sunshuttle would be the fourth malware found while investigating the supply-chain attack.
FireEye found a third malware named Teardrop, a previously unknown memory-only dropper and post-exploitation tool that the attackers used to deploy customized Cobalt Strike beacons.
Symantec found a fourth malware, Raindrop, which is similar to Teardrop and was used by the SolarWinds hackers to deliver Cobalt Strike beacons during post-exploitation.