In brief Another form of malware installed in servers made vulnerable by flaws in SolarWinds' Orion management software has been spotted in the wild.
The malware strain, identified as SUNSHUTTLE by boffins at security shop FireEye, is a backdoor written in Go that uses HTTPS to talk to a command-and-control server, exfiltrating data and fetching new code as needed. Someone based in the US uploaded the malware to a public malware repository in August last year, well before the attack.
No doubt there is more malware to come. Brandon Wales, acting director of the US Cybersecurity and Infrastructure Security Agency, warned this week it could take 18 months to clean up this mess, and that's looking increasingly likely.
Play the world's tiniest violin
It appears there's no honor among thieves after an internal war in malware forums was followed by mass doxxings and Bitcoin thefts.
Threat analyst Intel471 noted that in the past week two cybercrime forums, Maza and Exploit, reported leaks of their members' personal information. Earlier in the year two more forums, Verified and Crdclub, suffered similar breaches.
"The incidents show that even perpetrators of cybercrime aren't immune from experiencing the fallout that comes with personally identifiable information being made public," said the analyst. "Various cybercrime forums are alive with chatter following the breaches, with nefarious actors wondering if their real-world identities will be discovered thanks to the leaked data."
Law enforcement is not thought to be involved in the hacking, ..