Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers

2021-03-04 22:19

Researchers have uncovered more custom malware that is being used by the threat group behind the SolarWinds attack.

Researchers with Microsoft and FireEye identified three new pieces of malware that the companies said are being used in late-stage activity by the threat actor.

The malware families include: A backdoor that's called GoldMax by Microsoft and called Sunshuttle by FireEye; a dual-purpose malware called Sibot discovered by Microsoft; and a malware called GoldFinder also found by Microsoft.

Researchers with both FireEye and Microsoft ran across the malware called GoldMax/Sunshuttle, and published analyses about it in joint releases.

The uncovering of these three malware families provides another puzzle piece in better understanding the sprawling SolarWinds espionage attack.

In addition to Sunburst, which is the malware used as the tip of the spear in the campaign, researchers in January unmasked additional pieces of malware, dubbed Raindrop and Teardrop, that were used in targeted attacks after the effort's initial mass Sunburst compromise.

News URL

https://threatpost.com/microsoft-fireeye-malware-solarwinds/164512/

#fireeye #malware #microsoft #solarwinds

Related vendor

VENDOR	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft	724	806	4714	4721	3646	13887
Solarwinds	56	33	104	80	50	267
Fireeye	8	0	8	2	0	10

News URL

Related news

Related vendor