Microsoft reveals 3 new malware strains used by SolarWinds hackers (Security News, March 2021)
Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims' networks as second-stage payloads.
The company now tracks the "sophisticated attacker" who used the Sunburst backdoor and Teardrop malware during the SolarWinds supply-chain attack as Nobelium.
Security researchers with the Microsoft Threat Intelligence Center and the Microsoft 365 Defender Research Team found three new malware strains named GoldMax, Sibot, and GoldFinder.
The Nobelium hackers used these malware strains during late-stage activity between August and September 2020.
Sibot: VBScript-based malware used for maintaining persistence and downloading additional malware payloads using a second-stage script.
FireEye researchers believe the new malware dubbed Sunshuttle is linked to the SolarWinds hackers tracked as UNC2452, StellarParticle, SolarStorm, Dark Halo, and now Nobelium.