Sunday, January 21, 2024

New Malware Used By SolarWinds Attackers Went Undetected For Years

 


The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent access for years.

According to cybersecurity firm CrowdStrike, which detailed the novel tactics adopted by the Nobelium hacking group last week, two sophisticated malware families were placed on victim systems — a Linux variant of GoldMax and a new implant dubbed TrailBlazer — long before the scale of the attacks came to light.

Nobelium, the Microsoft-assigned moniker for the SolarWinds intrusion in December 2020, is also tracked by the wider cybersecurity community under the names UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (CrowdStrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).

The malicious activities have since been attributed to a Russian state-sponsored actor called APT29 (also known as The Dukes and Cozy Bear), a cyber espionage operation associated with the country's Foreign Intelligence Service that's known to be active since at least 2008.

GoldMax (aka SUNSHUTTLE), which was discovered by Microsoft and FireEye (now Mandiant) in March 2021, is a Golang-based malware that acts as a command-and-control backdoor, establishing a secure connection with a remote server to execute arbitrary commands on the compromised machine.

Mandiant also pointed out that Dark Halo actors had used the malware in attacks going back to at least August 2020, or four months before SolarWinds discovered its Orion updates had been tampered with malware designed to drop post-compromise implants against thousands of its customers.

In September 2021, Kaspersky revealed details of a second variant of the GoldMax backdoor called Tomiris that was deployed against several government organizations in an unnamed CIS member state in December 2020 and January 2021.

The latest iteration is a previously undocumented but functionally identical Linux implementation of the second-stage malware that was installed in victim environments in mid-2019, predating all other identified samples built for the Windows platform to date.


Also delivered around the same timeframe was TrailBlazer, a modular backdoor that offers attackers a path to cyber espionage, while sharing commonalities with GoldMax in the way it masquerades its command-and-control (C2) traffic as legitimate Google Notifications HTTP requests.

Other uncommon channels used by the actor to facilitate the attacks include —

  • Credential hopping for obscuring lateral movement
  • Office 365 (O365) Service Principal and Application hijacking, impersonation, and manipulation, and
  • Theft of browser cookies for bypassing multi-factor authentication

Additionally, the operators carried out multiple instances of domain credential theft months apart, each time leveraging a different technique, one among them being the use of Mimikatz password stealer in-memory, from an already compromised host to ensure access for extended periods of time.

"The StellarParticle campaign, associated with the Cozy Bear adversary group, demonstrates this threat actor's extensive knowledge of Windows and Linux operating systems, Microsoft Azure, O365, and Active Directory, and their patience and covert skill set to stay undetected for months — and in some cases, years," the researchers said.

More articles

  1. Hacking Tools Hardware
  2. Hack Tool Apk No Root
  3. Pentest Tools Tcp Port Scanner
  4. Hacker Tools For Pc
  5. Beginner Hacker Tools
  6. Hack Tools For Windows
  7. Hackrf Tools
  8. Hacking Tools Usb
  9. Pentest Tools Find Subdomains
  10. Hack Tools For Pc
  11. Hack Tools For Mac
  12. Hack Tools Download
  13. Growth Hacker Tools
  14. Wifi Hacker Tools For Windows
  15. Pentest Tools Download
  16. Hack Tools For Games
  17. Termux Hacking Tools 2019
  18. Hacking Tools For Beginners
  19. Hacking Apps
  20. Hacker Tools Online
  21. Hacker Tools Free
  22. Hacker Tools Free Download
  23. Hacking Tools Software
  24. Usb Pentest Tools
  25. Hacker Tools 2020
  26. Hacking Tools For Windows Free Download
  27. Pentest Tools
  28. Hacking Tools For Mac
  29. Pentest Tools Open Source
  30. Pentest Tools Port Scanner
  31. Hack Tool Apk
  32. New Hack Tools
  33. Game Hacking
  34. Hacking Tools 2019
  35. Hack Tools
  36. Blackhat Hacker Tools
  37. Hacking Tools And Software
  38. Hacker Security Tools
  39. Kik Hack Tools
  40. Free Pentest Tools For Windows
  41. How To Hack
  42. Best Hacking Tools 2020
  43. Pentest Automation Tools
  44. Pentest Tools List
  45. Tools For Hacker
  46. Hack Tools For Windows
  47. Hack Tools For Games
  48. Pentest Tools Port Scanner
  49. Pentest Tools Free
  50. Hacking Tools Kit
  51. Black Hat Hacker Tools
  52. Hack Tools For Games
  53. Hacker Tools For Pc
  54. Pentest Tools Linux
  55. Hacker Tools Github
  56. Top Pentest Tools
  57. Hacking Tools Mac
  58. Pentest Tools Apk
  59. Pentest Tools Website Vulnerability
  60. Best Hacking Tools 2020
  61. Computer Hacker
  62. World No 1 Hacker Software
  63. Hack Tool Apk No Root
  64. Nsa Hack Tools
  65. Hak5 Tools
  66. Pentest Tools Alternative
  67. Hacking Tools Hardware
  68. Hacking Tools Pc
  69. Hack Apps
  70. Hak5 Tools
  71. Pentest Tools Tcp Port Scanner
  72. Pentest Tools For Ubuntu
  73. Hacker Tools Mac
  74. Hack Tools Github
  75. Hacker Techniques Tools And Incident Handling
  76. Hacker Tools Online
  77. Hacking Tools Mac
  78. Pentest Tools Website
  79. Growth Hacker Tools
  80. Hack And Tools
  81. Hacking Tools Mac
  82. Tools 4 Hack
  83. Pentest Tools Apk
  84. Usb Pentest Tools
  85. Pentest Tools Download
  86. Hacking Tools Hardware
  87. Hack Tools For Windows
  88. Hacker Tools Apk Download
  89. Hacker Techniques Tools And Incident Handling
  90. Hacking Tools For Windows
  91. Nsa Hacker Tools
  92. Underground Hacker Sites
  93. Pentest Tools Github
  94. Wifi Hacker Tools For Windows
  95. Hack Tools For Pc
  96. Pentest Tools For Mac
  97. Pentest Tools
  98. Hacking Apps
  99. Hack Tools Download
  100. Hacking Tools Mac
  101. Hack And Tools
  102. Easy Hack Tools
  103. Pentest Tools Alternative
  104. Pentest Tools Review
  105. Hacking Tools Name
  106. Hacker Tool Kit
  107. Pentest Tools Linux
  108. Pentest Tools Windows
  109. Hacker Tools For Pc
  110. Hacker Security Tools
  111. Hacker Tools Apk
  112. How To Hack
  113. Hack Rom Tools
  114. Pentest Tools For Ubuntu
  115. Hack Tools 2019
  116. Pentest Tools Windows
  117. Hack Website Online Tool
  118. Hacking Tools Github
  119. Pentest Tools Online
  120. Hack Tools Download
  121. Pentest Tools Bluekeep
  122. Hacking Tools Kit
  123. Hacking Tools Free Download
  124. Hacker Tools Github
  125. Hacking Tools Windows 10
  126. Hacking Tools Software
  127. Hack Tools Online
  128. Hack Tools Github
  129. Hacker Tools For Mac
  130. Pentest Automation Tools
  131. Hacker Tools For Mac
  132. Hacker Techniques Tools And Incident Handling
  133. Hack And Tools
  134. Nsa Hacker Tools
  135. Nsa Hack Tools Download
  136. Hacker Tool Kit
  137. Android Hack Tools Github
  138. Hacker Tools List
  139. Nsa Hack Tools Download
  140. Hack Tools
  141. Hacking Tools Windows 10
  142. Hacker Tools Mac
  143. Hacking Tools Hardware
  144. New Hack Tools
  145. Hacker Tools For Ios
  146. Kik Hack Tools
  147. Nsa Hack Tools
  148. Free Pentest Tools For Windows
  149. Hack App
  150. Best Hacking Tools 2019
  151. Hacker Tool Kit
  152. Hacking Tools Name
  153. Tools 4 Hack
  154. Android Hack Tools Github
  155. Hack Tools
  156. Hacker Tools Hardware
  157. Hack Tool Apk No Root
  158. Hacking Tools 2020
  159. Hacker Tools For Mac
  160. Pentest Tools For Windows
  161. Pentest Tools Url Fuzzer
  162. Hacking Tools Github
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)