sanok (Essential, joined 28.09.20)
In total, three types of malware were detected: GoldMax, Sibot, and GoldFinder.
Security researchers from Microsoft and FireEye have published separate reports detailing new malware variants used by the attackers behind the 2020 SolarWinds supply-chain compromise and the follow-on intrusions into its customers. Microsoft tracks the threat group responsible for this attack under the code name Nobelium.
In total, three malicious programs were described:
* GoldMax, a backdoor written in Go that the attackers used to execute commands on compromised systems. FireEye documents the same malware under the name SUNSHUTTLE.
* Sibot, malware written in VBScript that is designed to maintain persistence on infected systems and to download and run a payload from a remote C&C server. Three different variants of this malware were identified.
* GoldFinder, another Go-language tool, used by the attackers as a custom HTTP tracer that logs the route (the hops) a packet takes from an infected host to the hardcoded C&C server, likely to reveal proxies or logging points that could expose the C&C traffic.
These agents join the list of tools already attributed to the SolarWinds attack: Sunspot (software planted in SolarWinds' internal network to tamper with the Orion build process), Solorigate/Sunburst (the backdoor implanted into the Orion DLL and used for initial reconnaissance), Teardrop (a second-stage loader used to deploy further payloads) and Raindrop (a similar loader deployed in some networks instead of Teardrop).
"At all stages of the attack, the attacker demonstrated in-depth knowledge of the software tools, deployments, security software and systems common in the affected networks, as well as the techniques often used by incident response teams. This knowledge is reflected in the actor's operational decisions, from the choice of C&C infrastructure to the naming of the scheduled tasks used to maintain persistence," the researchers explained.