Security News > 2021 > March > Three New Malware Strains Linked to SolarWinds Hackers

Microsoft and cybersecurity firm FireEye on Thursday published blog posts detailing several new pieces of malware that they believe are linked to the hackers behind the supply chain attack targeting Texas-based IT management solutions provider SolarWinds.

Microsoft has started tracking the threat actor behind the SolarWinds attack as NOBELIUM. The company has identified three new pieces of malware that it believes are used by the group after they have compromised the targeted organization's network.

FireEye described SUNSHUTTLE as a second-stage backdoor and said it had seen the malware on the systems of an organization targeted by the SolarWinds hackers, which it tracks as UNC2452.

Another new NOBELIUM-linked malware discovered by Microsoft is Sibot, which the tech giant described as a dual-purpose malware written in VBScript.

The third piece of malware linked by Microsoft to the SolarWinds hackers is named GoldFinder and it has been described as a "Custom HTTP tracer tool that logs the route or hops that a packet takes to reach a hardcoded C2 server." GoldFinder can find the HTTP proxy servers, network security devices and other systems that a request travels through before reaching the C&C server.

One of them, which has been linked to Russia, was behind the supply chain attack that involved hacking into SolarWinds' networks and the delivery of malware to thousands of its customers.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/WGjTwrRDOug/three-new-malware-strains-linked-solarwinds-hackers