Articles Uncategorized The SolarWinds attack used a third malware: Sunspot

The SolarWinds attack used a third malware: Sunspot

-

CrowdStrike experts investigating the recent attack on SolarWinds and its customers said they had discovered the third malware involved in this operation. The malware was named Sunspot.

The Crowdstrike report states that although Sunspot malware was the last detected, hackers used it first: it was deployed back in September 2019, when attackers first entered SolarWinds’ internal network. Then Sunspot was installed on the company’s build server.

This malware had only one purpose – it had to monitor the build server while waiting for commands related to the Orion platform, which was eventually compromised by the cybercriminals, and the company’s clients installed infected versions. For example, if Sunspot found a build command for Orion, it subtly replaced files inside the application with malicious files with the SUNBURST backdoor.

When the infected version of Orion was installed on the networks of customers (companies and government agencies), SUNBURST activated, collecting data on victims, and then sending this information to its operators. If, in the end, the hackers decided that the victim was a promising target for the attack, they removed SUNBURST and replaced it with the more powerful Teardrop backdoor Trojan.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you