8 matches found
DarkHalo after SolarWinds: the Tomiris connection
Background In December 2020, news of the SolarWinds incident took the world by storm. While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood out due to the extreme carefulness of the attackers and the high-profile natur...
âTomirisâ Backdoor Linked to SolarWinds Malware
Researchers have discovered a campaign delivering a previously unknown backdoor theyâre calling Tomiris. Analysis of the new malware suggests that we may not have heard the last from the Nobelium advanced persistent threat APT behind the sprawling SolarWinds supply-chain attacks of 2020. Namely,...
COVID-Related Threats, PowerShell Attacks Lead Malware Surge
Surging numbers of COVID-themed attacks, PowerShell trojans, along with the SolarWinds compromise and the continued spread of Sunburst malware were major contributors to a massive spike in the number of observed attacks in the wild during the last half of 2020, which McAfeeâs said averaged 588...
Detecting the "Next" SolarWinds-Style Cyber Attack
The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, t...
Feds Pinpoint Russia as âLikelyâ Culprit Behind SolarWinds Attack
The U.S. government has identified Russia as the âlikelyâ culprit behind the widespread SolarWinds cyberattack that has so far affected multiple federal agencies and private-sector companies. Cyberespionage is cited as the motivation behind the attack, which the feds characterized as ongoing. In ...
TAU Threat Analysis: Insights on the SolarWinds Breach
In light of the SolarWinds breach, we want to help our customers who may have questions as well as the larger security community. The VMware Carbon Black Threat Analysis Unit TAU has been steadfastly monitoring the evolving situation as we learn more about the supply chain compromise. We caught u...
Sunburst's C2 Secrets Reveal Second-Stage SolarWinds Victims
More information has come to light about the Sunburst backdoor that could help defenders get a better handle on the scope of the sprawling SolarWinds espionage attack. The campaign is known to have affected six federal departments, Microsoft, FireEye and dozens of others so far. Sunburst, a.k.a...
Additional Analysis into the SUNBURST Backdoor | McAfee Blogs
ARCHIVED STORY Additional Analysis into the SUNBURST Backdoor Christiaan Beek · DEC 17, 2020 Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoC...