Security News

Microsoft reveals 3 new malware strains used by SolarWinds hackers
2021-03-04 19:05

Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims' networks as second-stage payloads. The company now tracks the "sophisticated attacker" who used the Sunburst backdoor and Teardrop malware during the SolarWinds supply-chain attack as Nobelium.

FireEye finds new malware likely linked to SolarWinds hackers
2021-03-04 18:04

FireEye discovered a new "sophisticated second-stage backdoor" on the servers of an organization compromised by the threat actors behind the SolarWinds supply-chain attack. The new malware is dubbed Sunshuttle, and it was "uploaded by a U.S.-based entity to a public malware repository in August 2020."

SolarWinds reports $3.5 million in expenses from supply-chain attack
2021-03-02 17:42

SolarWinds has reported expenses of $3.5 million from last year's supply-chain attack, including costs related to incident investigation and remediation. Further expenses were recorded by SolarWinds after paying for legal, consulting, and other professional services related to the December hack and provided to customers for free.

SolarWinds Blames Intern for 'solarwinds123' Password Lapse
2021-03-02 00:51

As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years. In a hearing before the House Committees on Oversight and Reform and Homeland Security on SolarWinds on Friday, CEO Sudhakar Ramakrishna testified that the password had been in use as early as 2017.

SolarWinds APM Integrated Experience delivers a single platform for navigation across the APM portfolio
2021-02-26 08:05

SolarWinds announced the APM Integrated Experience for the SolarWinds application performance management solutions (AppOptics, Loggly, and Pingdom), consolidating access to application performance metrics, traces, logs, and user experience into a common navigation experience for technology professionals. The new APM Integrated Experience helps reduce much of the complexity associated with modern APM by streamlining visibility into critical application and infrastructure performance and empowering tech pros with faster, easier troubleshooting.

Microsoft shares CodeQL queries to scan code for SolarWinds-like implants
2021-02-25 18:11

Microsoft has open-sourced CodeQL queries that developers can use to scan source code for malicious implants matching the SolarWinds supply-chain attack. To make sure the attackers did not modify their code, Microsoft created CodeQL queries that were used to scan their codebase for malicious implants matching the SolarWinds IOCs.

NASA and the FAA were also breached by the SolarWinds hackers
2021-02-24 13:32

NASA and the US Federal Aviation Administration have also been compromised by the nation-state hackers behind the SolarWinds supply-chain attack, according to a Washington Post report. NASA is an independent U.S. federal agency coordinating its civilian space program.

Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code
2021-02-19 14:11

Threat actors downloaded some Microsoft Exchange and Azure code repositories during the sprawling SolarWinds supply-chain attack but did not use the company's internal systems or products to attack other victims. "We have now completed our internal investigation into the activity of the actor which confirms that we found no evidence of access to production services or customer data," the company said in a blog post on its Microsoft Security Response Center published Thursday.

Microsoft: SolarWinds Hackers Attempted to Access Our Systems Until January 2021
2021-02-19 12:01

Microsoft said on Thursday that it has completed its internal investigation into the activities conducted by the hackers that breached Texas-based IT management firm SolarWinds. The tech giant previously admitted that the hackers had managed to access some internal source code, but said they did not compromise or modify its software.

Microsoft admits some Azure, Exchange, Intune source code snaffled in SolarWinds schemozzle
2021-02-19 02:32

Microsoft has admitted that as a result of installing backdoored SolarWinds tools in some parts of its corporate network, portions of its source code were obtained and exfiltrated by parties unknown. "There was no case where all repositories related to any single product or service was accessed," the update advises, adding: "There was no access to the vast majority of source code. For nearly all of code repositories accessed, only a few individual files were viewed as a result of a repository search."