Microsoft reveals 3 new malware strains used by SolarWinds hackers (Security News, March 2021)

Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims' networks as second-stage payloads.
The company now tracks the "sophisticated attacker" who used the Sunburst backdoor and Teardrop malware during the SolarWinds supply-chain attack as Nobelium.
Security researchers with the Microsoft Threat Intelligence Center and the Microsoft 365 Defender Research Team found three new malware strains named GoldMax, Sibot, and GoldFinder.
The Nobelium hackers used these malware strains during late-stage activity between August and September 2020.
Sibot: VBScript-based malware used for maintaining persistence and downloading additional malware payloads using a second-stage script.
FireEye researchers believe the new malware dubbed Sunshuttle is linked to the SolarWinds hackers tracked as UNC2452, StellarParticle, SolarStorm, Dark Halo, and now Nobelium.