Researchers Find 3 New Malware Strains Used by SolarWinds Hackers (Security News, March 2021)
FireEye and Microsoft on Thursday said they had discovered three more malware strains connected to the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor's tactics and techniques.
Dubbed GoldMax, GoldFinder, and Sibot, the new set of malware adds to a growing list of malicious tools such as Sunspot, Sunburst, Teardrop, and Raindrop that were stealthily delivered to enterprise networks by alleged Russian operatives.
"These tools are new pieces of malware that are unique to this actor," Microsoft said.
Spotted between August and September 2020, GoldMax, which FireEye tracks as SUNSHUTTLE, is a Golang-based malware that acts as a command-and-control backdoor: it establishes a secure connection with an attacker-controlled server and receives commands to download and execute files, upload files from the system to the server, and run operating system commands on the compromised machine.
For its part, FireEye said it observed the malware at a victim compromised by UNC2452, its designation for the SolarWinds intrusion actor, but added that it has not been able to fully verify the backdoor's connection to that threat actor.
"In all stages of the attack, the actor demonstrated a deep knowledge of software tools, deployments, security software and systems common in networks, and techniques frequently used by incident response teams," Microsoft added.