"Three New Malware Strains Linked to SolarWinds Hackers"
Researchers at Microsoft and the cybersecurity firm FireEye have shared details about new pieces of malware believed to be linked to the threat actors behind the SolarWinds supply chain attack. Microsoft tracks the actor behind the SolarWinds attack as "NOBELIUM." The company identified three new malware strains, named GoldMax, GoldFinder, and Sibot, that the group reportedly used after it had already compromised a targeted organization's network, i.e. in the post-compromise phase rather than as part of the initial supply-chain intrusion. According to Microsoft, these strains were used to maintain persistence and to perform other specific tasks. GoldMax is written in the Go programming language and acts as a command-and-control (C2) backdoor; for persistence it creates scheduled tasks that impersonate system management software. GoldFinder is described as a custom HTTP tracer tool. Sibot is described as a dual-purpose malware written in VBScript that both maintains persistence and downloads and executes payloads from a remote server. The article goes on to discuss the recent findings surrounding these three malware strains, as well as the threat groups that have targeted the software company itself.
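The persistence mechanism attributed to GoldMax above, scheduled tasks that impersonate system management software, is one a defender can hunt for on a Windows host without knowing the exact task names. The following snippet is an added hunting example written for this summary; it is not code from the Security Week article, from Microsoft, or from the malware itself, and it contains no indicators specific to GoldMax. It assumes (a hypothetical, general-purpose heuristic) that a task posing as legitimate management software will launch a binary from outside the standard Windows and Program Files directories, or by bare name so that PATH resolution decides what runs.

```powershell
# Added example: hunt for scheduled tasks whose action executes from an
# untrusted location. Not from the article or from Microsoft's report;
# the "trusted path" heuristic is an assumption, not a published indicator.
# Run in an elevated PowerShell session on the host being examined.

$trustedPrefixes = @(
    "$env:SystemRoot\",
    "$env:ProgramFiles\",
    "${env:ProgramFiles(x86)}\"
)

Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # Only exec actions carry an Execute member; COM-handler actions are skipped.
        $exe = [string]$action.Execute
        if (-not $exe) { continue }
        $exe = [Environment]::ExpandEnvironmentVariables($exe).Trim('"')

        $inTrusted = $false
        foreach ($prefix in $trustedPrefixes) {
            if ($exe.StartsWith($prefix, 'OrdinalIgnoreCase')) { $inTrusted = $true }
        }
        # A bare name ("updater.exe") is also suspicious: PATH decides what runs.
        $isBareName = -not [System.IO.Path]::IsPathRooted($exe)

        if (-not $inTrusted -or $isBareName) {
            $info = Get-ScheduledTaskInfo -InputObject $task
            [pscustomobject]@{
                TaskPath = $task.TaskPath
                TaskName = $task.TaskName
                Author   = $task.Author
                State    = $task.State
                Execute  = $exe
                Args     = $action.Arguments
                LastRun  = $info.LastRunTime
                NextRun  = $info.NextRunTime
            }
        }
    }
} | Sort-Object TaskPath, TaskName | Format-Table -AutoSize
```

The output is a triage list, not a verdict: legitimate third-party agents installed under user profiles or ProgramData will appear too. Review each hit by checking that the task's Author and description match the binary it actually launches, that the binary is signed by the vendor the task claims to represent, and that the Arguments field does not hand a script or encoded command to an interpreter. Collecting the same fields from many hosts and looking for a task name that appears on only a few of them is the usual next step.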
Security Week reports "Three New Malware Strains Linked to SolarWinds Hackers"