The Latest on SolarWinds - ThreatWire

By Shannon Morse, ThreatWire 

As the SolarWinds hack continues to unfold, the White House is working on an executive order that focuses on “building in standards for software, particularly software that’s used in critical areas”. The update came from Anne Neuberger, the Biden Administration’s deputy national security adviser for cyber and emerging technology, speaking at the SANS Institute’s ICS Security Summit. It is part of a more proactive approach to cybersecurity: instead of only mitigating attacks after they happen, the administration is pushing organizations to conduct reviews and address security -before- an attack happens.

SolarWinds is far from out of the headlines, though. Microsoft just reported three new malware strains found on some victim networks. These are second-stage payloads, tailor-made for specific targets and introduced to a network only after the attacker has already gained a foothold. The new strains are called GoldMax, Sibot, and GoldFinder. GoldMax is a Go-based command-and-control backdoor that generates decoy network traffic to blend in with legitimate activity. Sibot is a VBScript-based malware that establishes persistence on the infected machine and then downloads and runs additional payloads from a C2 server. GoldFinder, also written in Go, is a custom HTTP tracer tool: it logs the route a request takes to reach the attacker’s hardcoded C2 server, which helps the attacker identify proxies, redirectors, and other points in the victim’s network where their traffic could be inspected or logged.

FireEye also reported on a second-stage backdoor used by the SolarWinds attackers and named it Sunshuttle. It appears to be the same malware as GoldMax, based on the C2 domain they share. All of these are in addition to the previously known Sunburst and Teardrop strains.

Microsoft said these malware strains were observed on victim networks from around August to September 2020, with some instances dating back as early as June 2020.


Links:

SolarWinds malware strains

https://www.cyberscoop.com/white-house-executive-order-software-solarwinds-neuberger/

https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/

https://www.bleepingcomputer.com/news/security/microsoft-reveals-3-new-malware-strains-used-by-solarwinds-hackers/

https://www.cyberscoop.com/researchers-uncover-four-more-malware-strains-linked-to-solarwinds-hackers/

https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html
