
SAS 2021: ‘Tomiris’ Backdoor Linked to SolarWinds Malware
2021-09-29 14:45

Researchers have discovered a campaign delivering a previously unknown backdoor they're calling Tomiris.

Tomiris has a number of similarities to the Sunshuttle second-stage malware that was distributed by Nobelium.

Nobelium isn't the only APT that may be linked to the malware: the researchers said the targeting of the Tomiris campaign overlaps in several ways with Kazuar, a backdoor attributed to the Turla APT and first reported by Palo Alto in 2017.

When Kaspersky researchers traced the attackers' path, they found that the purported update was actually a previously unknown backdoor, Tomiris, designed to establish a foothold in compromised systems and to download additional, as yet unidentified malware.

Tomiris proved suspiciously similar to the Sunshuttle/GoldMax second-stage malware that was deployed by the Sunburst backdoor in the SolarWinds attacks.

The Tomiris backdoor was discovered in networks where other machines were infected with Kazuar, the backdoor known for its code overlaps with the Sunburst backdoor.


News URL

https://threatpost.com/tomiris-backdoor-solarwinds-malware/175091/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 101 81 50 265
SAS 11 2 9 2 1 14