12 Jan 2021
Third malware strain discovered in SolarWinds supply chain attack
Type
General News
Companies
Source
ZDNet
Summary

Threat actors would then decide if a victim was important enough to compromise and would deploy the more powerful Teardrop backdoor trojan on these systems while, at the same time, instructing Sunburst to delete itself from networks it deemed insignificant or too high risk. "The subsequent October 2019 version of the Orion Platform release appears to have contained modifications designed to test the perpetrators' ability to insert code into our builds," SolarWinds CEO Sudhakar Ramakrishna said today, in an assessment also echoed by the CrowdStrike report. Kaspersky was very careful in its language today to point out that it found only "code overlaps" but not necessarily that it believes that the Turla group orchestrated the SolarWinds attack. But while security firms have stayed away from attribution, last week US government officials formally blamed the SolarWinds hack on Russia, describing the hackers as "likely Russian in origin." Right now, the SolarWinds hackers are tracked under different names, such as UNC2452 (FireEye, Microsoft), DarkHalo (Volexity), and StellarParticle (CrowdStrike), but this designation is expected to change once companies learn more.

Classifications
  • Networking
  • Virtualization & Network Resources
  • Security
  • Virus Protection Software
  • Security Software
  • Telecommunications
  • AI & Machine learning
  • Computer System Management