Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers
2021-03-04 22:19

Researchers have uncovered more custom malware that is being used by the threat group behind the SolarWinds attack.

Researchers with Microsoft and FireEye identified three new pieces of malware that the companies said are being used in late-stage activity by the threat actor.

The three malware families are: a backdoor that Microsoft calls GoldMax and FireEye calls Sunshuttle; a dual-purpose malware called Sibot, discovered by Microsoft; and a malware called GoldFinder, also found by Microsoft.

Researchers at both FireEye and Microsoft encountered the GoldMax/Sunshuttle backdoor, and the two companies published their analyses of it in coordinated releases.

The discovery of these three malware families adds another piece to the puzzle of understanding the sprawling SolarWinds espionage campaign.

In addition to Sunburst, the malware used as the tip of the spear in the campaign, researchers in January unmasked two further pieces of malware, dubbed Raindrop and Teardrop, that were used in targeted follow-on attacks after the campaign's initial mass compromise via Sunburst.
News URL

https://threatpost.com/microsoft-fireeye-malware-solarwinds/164512/