Dismiss this notice
ExpressVPN Valentines 2021 Giveaway - https://www.geeks.fyi/showthread.php?tid=14246

Dismiss this notice
Internet Download Manager Giveaway - https://www.geeks.fyi/showthread.php?tid=14245

Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers
#1
Information 
Quote:Researchers have uncovered more custom malware that is being used by the threat group behind the SolarWinds attack.
 
Researchers with Microsoft and FireEye identified three new pieces of malware that the companies said are being used in late-stage activity by the threat actor (previously called Solarigate by Microsoft and now renamed Nobelium; and called UNC2542 by FireEye).
 
The malware families include: A backdoor that’s called GoldMax by Microsoft and called Sunshuttle by FireEye; a dual-purpose malware called Sibot discovered by Microsoft; and a malware called GoldFinder also found by Microsoft.
 
As background, adversaries were able to use SolarWinds’ Orion network management platform to infect targets by pushing out a custom backdoor called Sunburst via trojanized product updates. Sunburst was delivered to almost 18,000 organizations around the globe, starting last March, before being discovered in December. With Sunburst embedded, the attackers were then able to pick and choose which organizations to further penetrate, in a sprawling cyberespionage campaign that has hit the U.S. government, tech companies and others hard.
 
Microsoft said that it discovered these latest custom attacker tools lurking in some networks of customer compromised by the SolarWinds attackers. It observed them to be in use from August to September – however, researchers said further analysis revealed these may have been on compromised systems as early as last June.
 
“These tools are new pieces of malware that are unique to this actor,” said Ramin Nafisi and Andrea Lelli with Microsoft, in a posting on Thursday. “They are tailor-made for specific networks and are assessed to be introduced after the actor has gained access through compromised credentials or the SolarWinds binary, and after moving laterally with Teardrop and other hands-on-keyboard actions.”

Read more: https://threatpost.com/microsoft-fireeye...ds/164512/
[-] The following 1 user Likes silversurfer's post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Recent Posts
How to use Google Chrome Flags to enable...
Google Chrome a...harlan4096 — 13:45
Novel Email-Based Campaign Targets Bloom...
A new e-mail-based...silversurfer — 13:03
Mozilla Fixes Firefox Flaw That Allowed ...
The Mozilla Foundat...silversurfer — 12:58
Threat actors stole driver license numbe...
Threat actors stol...silversurfer — 12:55
NitroRansomware Asks for $9.99 Discord G...
The NitroRansomwar...silversurfer — 12:53

[-]
Birthdays
Today's Birthdays
avatar (40)wapedDow
Upcoming Birthdays
avatar (46)steakelask
avatar (40)Termoplenka
avatar (38)bycoPaist
avatar (44)pieloKat
avatar (38)ilyagNeexy
avatar (46)donitascene
avatar (46)Toligo

[-]
Online Staff
There are no staff members currently online.

>