"In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product" Wow, keeps getting worse. See the "additional malware" section. https://t.co/ggm2wXUeIr — Brent Ozar (@BrentO) December 19, 2020
SolarWinds supply chain hack twist:
1. New malware.
2. Unrelated to the known compromise.
3. Used by a different threat actor.
4. New malware is small persistence backdoor that allows remote code execution through SolarWinds web application server https://t.co/kvcDFzxCaH — Ryan Naraine (@ryanaraine) December 20, 2020
From Cisco, Intel and VMWare to the likes of Kent State University and California hospitals: @WSJ identified infected computers at two dozen organizations that installed the tainted SolarWinds software, showing the wide reach of the suspected Russian hack https://t.co/U3vCGm86ON — Dustin Volz (@dnvolz) December 21, 2020
Mostly for nerds (if you don't know what a DLL is don't bother reading): Fascinating Microsoft analysis of the SolarWinds hack. Surprise ending: MS found ANOTHER, unrelated hack that even affects the SW hack! (Appendix, "Additional malware discovered") https://t.co/G39obv0ai3 — Bill Harts (@AlgoTrdr) December 20, 2020
Fascinating technical detail on the compromised file that launched the massive SolarWinds hack. It was built from the ground up to evade detection, incl. by running checks to make sure it wasn't on a test machine: https://t.co/cLMnXcV2JV pic.twitter.com/OXLJCOAdkV — Drew Harwell (@drewharwell) December 21, 2020
Missed this yesterday, but Microsoft said it discovered "an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor." https://t.co/oavqXZiYIk — Eric Geller (@ericgeller) December 20, 2020
Some SolarWinds systems were found compromised with malware named Supernova and CosmicGale, unrelated to the recent supply chain attack.
Security researchers believe this malware is the result of a second hacking group targeting SolarWinds systems https://t.co/1OeIJtgKDo pic.twitter.com/6VBJqwFLmp — Catalin Cimpanu (@campuscodi) December 21, 2020
A second hacking group has targeted SolarWinds systems #cybersecurity #riskmanagement #phishing #malware #Infosec #cyberthreats #ramsomware #hacking #dataprotection #privacy #dataleak #informationsecurity #cyberattacks #databreach https://t.co/tpgFIJgErY pic.twitter.com/ttYAv2lFB5 — Paula Piccard (@Paula_Piccard) December 21, 2020
Researchers have discovered a SUPERNOVA malware backdoor in SolarWinds - likely from another #hacker. This trojanized variant of a legitimate .NET library was found during #DFIR investigations. Read more: https://t.co/pLL3GBAprX #cybersecurity #CISO #Infosec #ITsecurity — LMG Security (@LMGSecurity) December 21, 2020
New #SUPERNOVA #backdoor found in @SolarWinds #cyberattack analysis. The #malware is a #webshell planted in the code of the #Orion network and applications monitoring. @dynamicCISO #GirlsWhoCode #SolarWinds #SolarWindsOrion #SolarWindsHack https://t.co/38Xnu9PEaT — rneelmani (@rneelmani) December 22, 2020
New SUPERNOVA backdoor found in SolarWinds cyberattack analysis #cybersecurity #riskmanagement #phishing #malware #Infosec #cyberthreats #ramsomware #hacking #dataprotection #privacy #dataleak #informationsecurity #cyberattacks #databreach https://t.co/BmNGKfGtNy pic.twitter.com/hvUWp3QWjo — Paula Piccard (@Paula_Piccard) December 21, 2020