Security News > 2021 > March > Three New Malware Strains Linked to SolarWinds Hackers
Microsoft and cybersecurity firm FireEye on Thursday published blog posts detailing several new pieces of malware that they believe are linked to the hackers behind the supply chain attack targeting Texas-based IT management solutions provider SolarWinds.
Microsoft has started tracking the threat actor behind the SolarWinds attack as NOBELIUM. The company has identified three new pieces of malware that it believes are used by the group after they have compromised the targeted organization's network.
FireEye described SUNSHUTTLE as a second-stage backdoor and said it had seen the malware on the systems of an organization targeted by the SolarWinds hackers, which it tracks as UNC2452.
Another new NOBELIUM-linked malware discovered by Microsoft is Sibot, which the tech giant described as a dual-purpose malware written in VBScript.
The third piece of malware linked by Microsoft to the SolarWinds hackers is named GoldFinder and it has been described as a "Custom HTTP tracer tool that logs the route or hops that a packet takes to reach a hardcoded C2 server." GoldFinder can find the HTTP proxy servers, network security devices and other systems that a request travels through before reaching the C&C server.
One of them, which has been linked to Russia, was behind the supply chain attack that involved hacking into SolarWinds' networks and the delivery of malware to thousands of its customers.
News URL
Related news
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn (source)