SolarWinds just keeps getting worse: New strain of malware found infecting victims

In brief: Another form of malware installed in servers made vulnerable by flaws in SolarWinds' Orion management software has been spotted in the wild.


The malware strain, identified as SUNSHUTTLE by boffins at security shop FireEye, is a backdoor attack written in Go which uses HTTPS to communicate with a command-and-control server for data exfiltration, adding new code as needed. Someone based in the US uploaded the malware to a public malware repository in August last year, well before the attack.

No doubt there is more malware to come. Brandon Wales, acting director of the US Cybersecurity and Infrastructure Agency, warned this week it could take 18 months to clean up this mess, and that's looking increasingly likely.