The Cyber Security News
Third Malware Strain Discovered as Part of SolarWinds Attack


Security researchers have uncovered a third malware strain used in the SolarWinds supply-chain attack, an operation the US government has said is likely Russian in origin. Unlike the two strains reported earlier, this one was planted inside SolarWinds' own software build environment.

Sunspot was the tool the attackers used to inject the Sunburst backdoor into the vendor's Orion platform during compilation, without setting off any internal alarms, CrowdStrike said in a blog post yesterday.

According to the security firm, which did not attribute the attack to anyone, the attackers went to great lengths to “ensure the code was properly inserted and remained undetected, and prioritized operational security to avoid revealing their presence in the build environment to SolarWinds developers.”

Sunspot ran on SolarWinds' build server and monitored running processes for instances of MsBuild.exe, the build engine that ships with Microsoft Visual Studio. When it detected a build of the Orion software, it hijacked the operation by swapping one source file (InventoryManager.cs, according to CrowdStrike) for a copy containing the Sunburst code while the compiler ran, then restored the original afterwards so that the change never appeared in source control and developers saw nothing unusual.
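The build-time tampering described above leaves a tell: a source file in the tree being compiled gets written by a process that is not part of the build toolchain, while the build is in progress. The following is an added detection example written for this page, not code from CrowdStrike, SolarWinds or the original article. The Sysmon-like log format, the paths, the `updater.exe` process name and the allowlist of toolchain binaries are all constructed assumptions; the point is the correlation logic (active MSBuild build + source-file write + non-toolchain writer), not a signature for Sunspot itself.

```python
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Constructed, Sysmon-like event records (not real telemetry). Fields:
#   timestamp | event type | pid | image of the acting process | target
# For ProcessCreate the target is the command line; for FileCreate it is the
# file written. Paths and the "updater.exe" name are assumptions for this example.
SAMPLE_EVENTS = """\
2020-02-20T10:00:01Z|ProcessCreate|1204|C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\MSBuild.exe|C:\\src\\Orion\\Orion.sln /p:Configuration=Release
2020-02-20T10:00:02Z|FileCreate|1204|C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\MSBuild.exe|C:\\src\\Orion\\obj\\Release\\Core.dll
2020-02-20T10:00:03Z|FileCreate|5588|C:\\Windows\\Temp\\updater.exe|C:\\src\\Orion\\Core\\Scheduler.cs
2020-02-20T10:00:04Z|ProcessCreate|1301|C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe|csc.exe /out:C:\\src\\Orion\\obj\\Release\\Core.dll
2020-02-20T10:00:05Z|FileCreate|1301|C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe|C:\\src\\Orion\\obj\\Release\\Core.dll
2020-02-20T10:04:59Z|FileCreate|5588|C:\\Windows\\Temp\\updater.exe|C:\\src\\Orion\\Core\\Scheduler.cs
2020-02-20T10:05:00Z|ProcessTerminate|1204|C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\MSBuild.exe|
2020-02-20T10:30:00Z|FileCreate|2222|C:\\Program Files\\Git\\cmd\\git.exe|C:\\src\\Orion\\Core\\Scheduler.cs
"""

# Processes expected to touch the tree while a build runs (assumed allowlist; tune per build farm).
BUILD_TOOLCHAIN = {"msbuild.exe", "csc.exe", "vbc.exe", "vbcscompiler.exe", "devenv.exe", "dotnet.exe"}
# Directories the build legitimately writes into; everything else in the tree is treated as source.
BUILD_OUTPUT_DIRS = {"obj", "bin"}
SOURCE_SUFFIXES = (".cs", ".vb", ".csproj", ".vbproj", ".sln", ".targets", ".props")


@dataclass
class Alert:
    timestamp: str
    writer_pid: int
    writer_image: str
    path: str
    build_pid: int
    reason: str


def _norm(path: str) -> str:
    """Case-insensitive, backslash-normalised Windows path (ntpath works off-box too)."""
    return ntpath.normcase(ntpath.normpath(path))


def solution_root(cmdline: str) -> str | None:
    """Directory of the .sln/.csproj/.vbproj that MSBuild was asked to build.

    Uses a plain whitespace split; quoted paths containing spaces would need a
    proper Windows command-line parser.
    """
    for token in cmdline.split():
        if token.lower().endswith((".sln", ".csproj", ".vbproj")):
            return ntpath.dirname(token)
    return None


def is_under(path: str, root: str) -> bool:
    return _norm(path).startswith(_norm(root).rstrip("\\") + "\\")


def is_build_output(path: str, root: str) -> bool:
    rel = _norm(path)[len(_norm(root).rstrip("\\")) + 1:]
    return rel.split("\\", 1)[0] in BUILD_OUTPUT_DIRS


def detect(log_text: str) -> list[Alert]:
    """Flag source-file writes inside a tree that MSBuild is currently building,
    when the writer is not a build-toolchain process."""
    active: dict[int, str] = {}  # MSBuild pid -> root of the tree being built
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, kind, pid_s, image, target = line.split("|", 4)
        pid = int(pid_s)
        image_name = ntpath.basename(image).lower()
        if kind == "ProcessCreate" and image_name == "msbuild.exe":
            root = solution_root(target)
            if root:
                active[pid] = root
        elif kind == "ProcessTerminate":
            active.pop(pid, None)  # build finished: its tree is no longer "in progress"
        elif kind in ("FileCreate", "FileWrite"):
            if not target.lower().endswith(SOURCE_SUFFIXES):
                continue  # compiled outputs, logs etc. are not source
            if image_name in BUILD_TOOLCHAIN:
                continue  # the build itself is allowed to write
            for build_pid, root in active.items():
                if is_under(target, root) and not is_build_output(target, root):
                    alerts.append(Alert(ts, pid, image, target, build_pid,
                                        "source file written during active MSBuild build by non-toolchain process"))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"{a.timestamp} pid={a.writer_pid} {a.writer_image} wrote {a.path} (build pid {a.build_pid})")
```

On the sample, the two writes by `updater.exe` (the swap-in and the later restore, both while build pid 1204 is running) are flagged; the compiler's write into `obj\` and the `git.exe` checkout after the build has ended are not. Two caveats: an attacker who owns the build host can also tamper with host-local logs, so the events must be forwarded off-box as they are generated; and this check only covers file-level substitution, whereas a final defence against a compromised build is to reproduce the build independently and compare the artifacts.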

The resulting Trojanized build of Orion was then distributed to SolarWinds customers as a routine update. SolarWinds has around 33,000 Orion customers worldwide, but only a relatively small number of those who installed the backdoored version were singled out by the attackers for the next stage of the campaign.

On these selected victims, which included multiple US government entities such as the Department of Justice, Sunburst performed reconnaissance and then fetched a secondary, memory-resident Trojan, Teardrop, which delivered further payloads.

According to a timeline from SolarWinds released yesterday, the attackers first accessed its internal systems in September 2019, and around a week later they injected test code to effectively check the efficacy of Sunspot.

Sunburst itself was then compiled into the Orion platform and shipped in February 2020. It went unnoticed until December, when FireEye, investigating the breach of its own network, identified the backdoor and the wider campaign started to become clear.

Also yesterday, Kaspersky released new research indicating that the Sunburst malware contains multiple similarities with the Kazuar remote access backdoor previously linked to the long-running Russian APT group Turla.


Some parts of this article are sourced from:
www.infosecurity-magazine.com

Copyright © TheCyberSecurity.News, All Rights Reserved.