Microsoft reveals 3 new malware strains used by SolarWinds hackers (Security News, March 2021)
Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims' networks as second-stage payloads.
The company now tracks the "sophisticated attacker" who used the Sunburst backdoor and Teardrop malware during the SolarWinds supply-chain attack as Nobelium.
Security researchers with the Microsoft Threat Intelligence Center and the Microsoft 365 Defender Research Team found three new malware strains named GoldMax, Sibot, and GoldFinder.
The Nobelium hackers used these malware strains during late-stage activity between August and September 2020.
Sibot: VBScript-based malware used for maintaining persistence and downloading additional malware payloads using a second-stage script.
FireEye researchers believe the new malware dubbed Sunshuttle is linked to the SolarWinds hackers tracked as UNC2452, StellarParticle, SolarStorm, Dark Halo, and now Nobelium.