Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers (Security News, March 2021)

Researchers have uncovered more custom malware that is being used by the threat group behind the SolarWinds attack.
Researchers with Microsoft and FireEye identified three new pieces of malware that the companies said are being used in late-stage activity by the threat actor.
The three malware families are: a backdoor that Microsoft calls GoldMax and FireEye calls Sunshuttle; Sibot, a dual-purpose implant discovered by Microsoft that both maintains persistence on the infected host and downloads and runs a payload from its command-and-control server; and GoldFinder, a tool also identified by Microsoft.
FireEye and Microsoft each ran across the GoldMax/Sunshuttle backdoor independently and published their analyses in coordinated releases.
The uncovering of these three malware families provides another puzzle piece in better understanding the sprawling SolarWinds espionage attack.
Sunburst, the backdoor delivered through the trojanized SolarWinds Orion update, was the tip of the spear in the campaign. Researchers had already unmasked two further pieces of malware, Teardrop (December 2020) and Raindrop (January 2021), which were loaders used in targeted follow-on attacks on a subset of victims after the initial mass Sunburst compromise.
News URL
https://threatpost.com/microsoft-fireeye-malware-solarwinds/164512/