Security News

New Sunspot malware found while investigating SolarWinds hack
2021-01-12 08:33

"The design of SUNSPOT suggests StellarParticle developers invested a lot of effort to ensure the code was properly inserted and remained undetected, and prioritized operational security to avoid revealing their presence in the build environment to SolarWinds developers," CrowdStrike found. This is the third malware strain found while investigating the SolarWinds supply-chain attack and associated with the threat actor tracked as StellarParticle (CrowdStrike), UNC2452 (FireEye), and Dark Halo.

Kaspersky Lab autopsies evidence on SolarWinds hack
2021-01-12 06:56

Kaspersky Lab reckons the SolarWinds hackers may have hailed from the Turla malware group, itself linked to Russia's FSB security service. Referring to the hidden backdoor secretly implanted in SolarWinds' Orion product, Kaspersky's Georgy Kucherin wrote in a blog post on Monday: "While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar."

Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor
2021-01-11 22:29

As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform. "This highly sophisticated and novel code was designed to inject the Sunburst malicious code into the SolarWinds Orion Platform without arousing the suspicion of our software development and build teams," SolarWinds' new CEO Sudhakar Ramakrishna explained.

SolarWinds Hack Potentially Linked to Turla APT
2021-01-11 17:53

New details on the Sunburst backdoor used in the sprawling SolarWinds supply-chain attack potentially link it to previously known activity by the Turla advanced persistent threat group. "After the Sunburst malware was first deployed in February 2020, Kazuar continued to evolve and later 2020 variants are even more similar, in some respects, to Sunburst," the firm noted in an analysis published on Monday.

Kaspersky Connects SolarWinds Attack Code to Known Russian APT Group
2021-01-11 13:47

Researchers have identified some similarities between the Sunburst malware used in the SolarWinds supply chain attack and Kazuar, a backdoor that appears to have been used by the Russia-linked cyber-espionage group known as Turla. On Monday, Kaspersky reported finding an interesting link between the Sunburst malware delivered by the SolarWinds attackers and Kazuar, a .NET backdoor that has been around since at least 2015 and which was first detailed in 2017 by Palo Alto Networks.

SolarWinds takes a leaf out of Zoom's book, hires A-Team of Stamos and Krebs to sort out its security woes
2021-01-11 12:36

Embattled and embarrassed network management shop SolarWinds has reportedly hired two of the highest profile security bods in the biz to sort out its woes. On Friday the news broke that Chris Krebs, formerly the head of the US government's Cybersecurity and Infrastructure Security Agency until he was fired by presidential tweet for saying the American election wasn't hacked, has started a consultancy with former Facebook and Yahoo! security chief Alex Stamos.

A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets
2021-01-08 20:44

With the budgeting cycles starting back up again, I think that we're gonna see a lot of investment in cloud security and endpoint security for employee off-site devices and things like that. I'm really curious what the implication there might be for security, because I think that there's going to be a lot of other unprecedented security challenges or issues as employees go back to work - whether it's companies starting to think about using exposure notification or contact-tracing apps within the workplace - or companies struggling with a hybrid remote/working-in-the-office model.

US courts system fears SolarWinds snafu could have let state hackers poke about in sealed case documents
2021-01-08 19:30

The SolarWinds hack exposed sealed US court documents - which could have a serious effect on Western sanctions against state-backed hackers. Infosec journalist Brian Krebs reported a US Courts Administrative Office statement about the impact of the Russian-backed SolarWinds hack, quoting an anonymous source as saying that the agency was "Hit hard".

SolarWinds Hires Chris Krebs, Alex Stamos in Wake of Hack
2021-01-08 17:19

SolarWinds, which has been embroiled in a recent, widescale hack, has called in two security powerhouses for help: former director of the Cybersecurity and Infrastructure Security Agency Chris Krebs, and former Facebook security executive Alex Stamos. Stamos over the past year has been tapped by other companies hit by various security scandals - including Zoom, after a COVID-19 surge in its user base led to Zoom-bombing cyberattacks and privacy concerns.

Continuous Updates: Everything You Need to Know About the SolarWinds Attack
2021-01-08 16:30

Microsoft Believes 1,000 Hackers Involved in SolarWinds Attack - Microsoft executive Brad Smith says more than a thousand software engineers were most likely involved in the SolarWinds attack, and that Microsoft tasked 500 engineers with investigating the attack.

Many SolarWinds Customers Failed to Secure Systems Following Hack - Many companies still expose SolarWinds Orion to the internet and have failed to take action following the disclosure of the massive SolarWinds breach, according to RiskRecon.