The true identity of the hackers behind the SolarWinds supply chain assault is still unknown to cybersecurity experts, although organisations and agencies in the United States have noted that they have their suspicions.ĬEO for Sudhakar Ramakrishna CEO of SolarWinds commented:
CROWDSTRIKE COBALT STRIKE CODE
Named SuperNova, this dedicated malware was dropped in the form of a DLL file that empowered hackers with the ability to remotely transmit, compile and then execute code on the compromised devices. This is yet another form of malware to be identified during the investigation of the recent supply-chain attack linked with the hackers that CrowdStrike tracks as StellarParticle, FireEye tracks as UNC2452 and Volexity tracks as Dark Halo.Ī second strain of malware is the Sunburst backdoor malware, which was launched by the SolarWinds hacker gang on enterprise and organisation systems that unknowingly installed Orion builds infected with trojans through the platform’s in-built mechanism for automatic updates.Īfter a selection of Sunburst samples were recovered that had dropped different payloads, cybersecurity experts at FireEye discovered another malware type called Teardrop, a previously unidentified dropper that is memory-only and a tool for post-exploitation employed to action customised beacons for Cobalt Strike.Ī fourth type of malware, not currently connected to the threat operator known as StellarParticle but delivered via Orion builds that included trojans, was also uncovered by Microsoft and Palo Alto Networks Unit 42 when they were conducting an investigation into the SolarWinds hack.
CROWDSTRIKE COBALT STRIKE SOFTWARE
“This highly sophisticated and novel code was designed to inject the SUNBURST malicious code into the SolarWinds Orion platform without arousing the suspicion of our software development and build team.” An extensive range of malware strains Sudhakar Ramakrishna, CEO for SolarWinds, echoed the findings of CrowdStrike, commenting: “The design of SUNSPOT suggests StellarParticle developers invested a lot of effort to ensure the code was properly inserted and remained undetected and prioritised operational security to avoid revealing their presence in the build environment to SolarWinds developers.” Following successful execution, the malicious software was able to efficiently monitor and inject a backdoor for Sunburst automatically by cunningly replacing the enterprise’s authentic source code with an insidious type of malicious code instead.Īs reported by Bleeping Computer, CrowdStrike specialists explained:
SolarWinds attack analysisĬalled Sunspot by CrowdStrike, the malware was deployed by the gang of hackers within the Orion IT management software’s dedicated development environment. The malicious software enabled the cybercriminals to insert backdoors into builds for the Orion platform in the widespread attack on supply chains that effectively compromised both government agencies and multiple organisations and was uncovered in December 2020. Cybersecurity experts at CrowdStrike have identified the malware type employed in the recent SolarWinds hack.
0 kommentar(er)
