More SolarWinds Attack Details Emerge

A third piece of malware is uncovered, but there are still plenty of unknowns about the epic attacks purportedly out of Russia.

As yet another piece of malware has been uncovered in the attack on SolarWinds network management system software, there still remain several missing elements needed to draw a complete picture of the massive cyberattacks against major US government agencies and corporations, including security vendor and incident response expert FireEye.


SolarWinds and CrowdStrike this week detailed a third malware tool — dubbed Sunspot — that was found in the attack on the software vendor. Sunspot is a custom program that inserted the so-called Sunburst backdoor into the software build environment of SolarWinds' Orion network management product. CrowdStrike, which analyzed Sunspot on behalf of SolarWinds, says the tool was carefully planted somehow by the attackers and kept hidden from SolarWinds developers with sophisticated tracking and camouflaging so it couldn't be detected.
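The defensive counterpart to what this paragraph describes is verifying that the source tree a build compiles is the same tree that was reviewed and committed, so that a component modified only on the build host stands out. The following is an added example, not code from the article, SolarWinds or CrowdStrike: a small Python build-integrity check that records a SHA-256 manifest of a source tree and, before compilation, reports files that were modified, added or removed relative to that manifest. The file names (`src/App.cs`, `src/Util.cs`) and the sample tree are constructed here for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Source file types the check covers; adjust for the build in question (assumption).
SOURCE_SUFFIXES = (".cs", ".c", ".h", ".py")


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large sources do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root) -> dict:
    """Map each source file (relative POSIX path) under root to its SHA-256."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix in SOURCE_SUFFIXES:
            manifest[path.relative_to(root).as_posix()] = hash_file(path)
    return manifest


def verify_tree(root, trusted: dict) -> dict:
    """Compare the tree on disk against a trusted manifest taken at review time.

    Returns three sorted lists: files whose content changed, files that
    disappeared, and files present on disk that the manifest never listed.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in trusted if k in current and current[k] != trusted[k]),
        "missing": sorted(k for k in trusted if k not in current),
        "unexpected": sorted(k for k in current if k not in trusted),
    }


def is_clean(report: dict) -> bool:
    """True only when no category in the report has entries; gate the build on this."""
    return not any(report.values())


def demo() -> dict:
    """Constructed scenario: snapshot a tree, alter it on the build host, re-verify."""
    tmp = Path(tempfile.mkdtemp())
    try:
        (tmp / "src").mkdir()
        (tmp / "src" / "App.cs").write_text("class App { }\n")
        (tmp / "src" / "Util.cs").write_text("class Util { }\n")

        # Manifest captured when the code was reviewed (assumed stored out of band).
        trusted = build_manifest(tmp)

        # Simulate a build-host-only change: one file altered, one file added.
        (tmp / "src" / "App.cs").write_text("class App { }\n// changed only on the build host\n")
        (tmp / "src" / "Extra.cs").write_text("class Extra { }\n")

        return verify_tree(tmp, trusted)
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    report = demo()
    print(report)
    print("build allowed" if is_clean(report) else "build blocked: source tree differs from reviewed manifest")
```

The manifest only helps if it is produced and stored somewhere the build host cannot rewrite (a signed artifact from the review pipeline, for example); a manifest generated on the same machine immediately before compiling would be altered along with the sources.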


"This is a purpose-built tool," says Adam Meyers, vice president of intelligence at CrowdStrike.


In a rare reversal of roles when it comes to nation-state attribution, the US intel community has publicly cited Russia as the perpetrator in the attacks, while security firms FireEye and CrowdStrike, which specialize in nation-state activity, have been unusually cautious in identifying a threat group or nation behind the attacks. Neither vendor will confirm whether it's Russia.


FireEye CEO Kevin Mandia last week noted during an Aspen Institute panel event that the attack group here "smells a lot different" despite similarities in its behavior to known nation-states. FireEye was the first to spot and report the attack on SolarWinds' software after disc ..
