Friday, January 15, 16:07
SolarWinds: A third malware used in the attack was found

CrowdStrike, one of the companies investigating the SolarWinds supply chain attack, said it has identified a third malware strain that appears to have been directly involved in the hack.

SolarWinds malware

The two previously discovered malware strains were Sunburst (also known as Solorigate) and Teardrop. The new one is called Sunspot.

According to CrowdStrike researchers, Sunspot was the first malware the attackers used to carry out the attack.

Sunspot malware was running on the SolarWinds build server

CrowdStrike reports that Sunspot was deployed when the hackers first breached SolarWinds' internal network.

According to the researchers, the Sunspot malware was installed on the SolarWinds build server. Its sole purpose was to monitor the build server for build commands related to Orion, one of SolarWinds' top products, used by more than 33,000 customers worldwide.

When it detected a build command, the malware silently replaced source code files in the Orion app with files that loaded the Sunburst malware. The result was versions of the Orion app that also installed Sunburst.

These trojanized Orion builds reached SolarWinds' official update servers and were installed on the networks of many of the company's customers.
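The defensive counterpart of the substitution described above is a build-time source integrity check: hash every source file at checkout, then re-verify the hashes immediately before the compiler runs, so that a file swapped in the window between checkout and compile fails the build instead of shipping. The following is an added example written for this article, not SolarWinds or CrowdStrike code; the directory layout, file names and contents are constructed for the demonstration and have no relation to the real Orion source tree.

```python
"""Build-time source integrity check (added example; constructed paths and contents)."""
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large sources do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, suffixes=(".cs", ".vb", ".csproj")) -> dict:
    """Hash every source file under root; keys are POSIX paths relative to root."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix in suffixes:
            manifest[p.relative_to(root).as_posix()] = hash_file(p)
    return manifest


def verify_manifest(root: Path, manifest: dict) -> list:
    """Compare the tree against a manifest taken earlier.

    Returns a list of (relative_path, reason) findings; an empty list means
    nothing was modified, removed or added since the manifest was built.
    """
    findings = []
    current = build_manifest(root)
    for rel, digest in manifest.items():
        if rel not in current:
            findings.append((rel, "missing"))
        elif current[rel] != digest:
            findings.append((rel, "modified"))
    for rel in current:
        if rel not in manifest:
            findings.append((rel, "unexpected new file"))
    return findings


def demo(tamper: bool = True) -> list:
    """Simulate checkout -> manifest -> (optional) substitution -> pre-compile check.

    The two .cs files are constructed sample inputs, not real project sources.
    """
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "src").mkdir()
        (root / "src" / "Core.cs").write_text("// constructed sample\nclass Core {}\n")
        (root / "src" / "Api.cs").write_text("// constructed sample\nclass Api {}\n")
        manifest = build_manifest(root)  # taken right after checkout
        if tamper:
            # A source file silently replaced before the compiler runs.
            (root / "src" / "Core.cs").write_text(
                "// constructed sample\nclass Core { /* swapped */ }\n"
            )
        return verify_manifest(root, manifest)


if __name__ == "__main__":
    print("clean tree:", demo(tamper=False))
    print("tampered tree:", demo(tamper=True))
```

In a real pipeline the manifest would be produced on a separate, trusted host (or signed at commit time) and handed to the build step, since a manifest generated and stored on the same compromised build server can be rewritten along with the sources.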

Soon after, Sunburst activated on the internal networks of SolarWinds' corporate and government customers, gathered data and sent it back to the attackers (Symantec has published details on how the data was sent via DNS requests).

The attackers then decided whether a victim was important enough to be compromised further, and on those they deployed the more powerful Teardrop trojan. At the same time, Sunburst was instructed to delete itself from non-significant or high-risk networks.
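Data carried out of a network inside DNS queries typically shows up as long, high-entropy hostname labels queried repeatedly by one client under one domain. The following detector is an added example for this article, not Symantec's or any vendor's detection logic; the log line format, client addresses, domain names and thresholds are all constructed assumptions for the demonstration.

```python
"""Flag DNS query names whose labels look like encoded data (added example; constructed log)."""
import math
from collections import Counter

# Constructed sample log: "timestamp client qname qtype". Three queries from one
# client with random-looking labels under one zone, plus benign and malformed lines.
SAMPLE_LOG = [
    "2020-06-01T10:00:01 10.0.0.5 7kd9f2ma0x8qz3vbn1p4r6t.updates-placeholder.test A",
    "2020-06-01T10:00:02 10.0.0.5 www.example.com A",
    "2020-06-01T10:00:03 10.0.0.5 q2w8e5r1t9y4u7i0o3p6a.updates-placeholder.test A",
    "2020-06-01T10:00:04 10.0.0.7 mail.example.org MX",
    "2020-06-01T10:00:05 10.0.0.5 z9x8c7v6b5n4m3l2k1j0h.updates-placeholder.test A",
    "2020-06-01T10:00:06 10.0.0.9 7kd9f2ma0x8qz3vbn1p4r6t.updates-placeholder.test A",
    "2020-06-01T10:00:07 10.0.0.7 aaaaaaaaaaaaaaaaaaaaaaaaaa.example.com A",
    "malformed line with too many fields here x",
]


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking strings score high, repeated chars score 0."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_query_log(lines):
    """Yield dicts for well-formed 'timestamp client qname qtype' lines; skip the rest."""
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, qtype = parts
        yield {"ts": ts, "client": client, "qname": qname.rstrip(".").lower(), "qtype": qtype}


def suspicious_labels(qname: str, min_len: int = 20, min_entropy: float = 3.5) -> list:
    """Labels below the zone (assumed to be the last two labels) that are long and high-entropy."""
    labels = qname.split(".")
    return [l for l in labels[:-2] if len(l) >= min_len and shannon_entropy(l) >= min_entropy]


def find_dns_exfil_candidates(lines, min_hits: int = 3) -> dict:
    """Count suspicious queries per (client, zone); return pairs at or above min_hits."""
    per_client_zone = Counter()
    for q in parse_query_log(lines):
        if suspicious_labels(q["qname"]):
            zone = ".".join(q["qname"].split(".")[-2:])
            per_client_zone[(q["client"], zone)] += 1
    return {k: v for k, v in per_client_zone.items() if v >= min_hits}


if __name__ == "__main__":
    for (client, zone), hits in find_dns_exfil_candidates(SAMPLE_LOG).items():
        print(f"{client} -> {zone}: {hits} high-entropy queries")
```

The entropy threshold alone would also catch content-hashed CDN hostnames, which is why the detector counts hits per client and zone before reporting; an allowlist of known CDN and telemetry domains is the usual next step when running this over production resolver logs.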

However, the revelation of a third malware strain involved in the SolarWinds attack is not the only one to come to light in the last few hours.

In an announcement on its blog, SolarWinds posted a timeline of the intrusion. The company said that before the development of the Sunburst software between March and June 2020, the hackers had done some testing between September and November 2019.

"The October 2019 version of the Orion Platform contained modifications designed to test perpetrators' ability to enter code into our systems," said SolarWinds CEO Sudhakar Ramakrishna.

The other discovery, released by Kaspersky, is that Sunburst bears similarities to malware used by the Russian hacking group Turla.

Kaspersky pointed out that it only found some similarities in the code and that this does not necessarily mean the same group is behind the SolarWinds attack.

The security companies are making more cautious statements about the likely attacker, though the US government has already said publicly that Russia is most likely responsible for the attack.

The security companies suggest that such statements not be made yet, as the investigation is at an early stage.

At present, the attackers are being tracked under different names, such as UNC2452 (FireEye, Microsoft), DarkHalo (Volexity) and StellarParticle (CrowdStrike), but the name is expected to change as companies learn more.

Source: ZDNet
