Microsoft and the cybersecurity firm FireEye have identified three new malware strains used by the SolarWinds hackers in last year's attack on highly critical private and government cyberinfrastructure in the United States.
According to FireEye and Microsoft’s latest analysis, the SolarWinds hack was far more sinister than it initially appeared to be.
Reportedly, the companies have discovered three more malware strains linked to the alleged Russian threat actor previously reported as Solorigate, now renamed Nobelium by Microsoft and tracked as UNC2542 by FireEye.
The attackers breached SolarWinds' Orion software and, using its update mechanism, launched targeted attacks against federal agencies and many high-profile organizations.
Sunshuttle, GoldFinder, and Sibot malware
One of the three strains was identified by FireEye, which dubbed it Sunshuttle. The other two were discovered by Microsoft and named GoldFinder and Sibot; Microsoft refers to FireEye's Sunshuttle as GoldMax.
GoldMax (Sunshuttle) is a backdoor, Sibot is a dual-purpose malware, and GoldFinder is a third, separate malware.
The two firms discovered the malware strains in overlapping time frames. Microsoft identified active strains between August and September, but the company believes that the systems were compromised as early as June 2020.
FireEye claims that Sunshuttle was uploaded on a public malware repository in August last year.
SolarWinds Hack a Work of Sophisticated Actors
According to Microsoft, ..