minat sekali: New Malware Used By SolarWinds Attackers Went Undetected For Years

Jumat, 19 Januari 2024

New Malware Used By SolarWinds Attackers Went Undetected For Years

 


The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent access for years.

According to cybersecurity firm CrowdStrike, which detailed the novel tactics adopted by the Nobelium hacking group last week, two sophisticated malware families were placed on victim systems — a Linux variant of GoldMax and a new implant dubbed TrailBlazer — long before the scale of the attacks came to light.

Nobelium, the Microsoft-assigned moniker for the SolarWinds intrusion in December 2020, is also tracked by the wider cybersecurity community under the names UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (CrowdStrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).

The malicious activities have since been attributed to a Russian state-sponsored actor called APT29 (also known as The Dukes and Cozy Bear), a cyber espionage operation associated with the country's Foreign Intelligence Service that's known to be active since at least 2008.

GoldMax (aka SUNSHUTTLE), which was discovered by Microsoft and FireEye (now Mandiant) in March 2021, is a Golang-based malware that acts as a command-and-control backdoor, establishing a secure connection with a remote server to execute arbitrary commands on the compromised machine.

Mandiant also pointed out that Dark Halo actors had used the malware in attacks going back to at least August 2020, or four months before SolarWinds discovered its Orion updates had been tampered with malware designed to drop post-compromise implants against thousands of its customers.

In September 2021, Kaspersky revealed details of a second variant of the GoldMax backdoor called Tomiris that was deployed against several government organizations in an unnamed CIS member state in December 2020 and January 2021.

The latest iteration is a previously undocumented but functionally identical Linux implementation of the second-stage malware that was installed in victim environments in mid-2019, predating all other identified samples built for the Windows platform to date.


Also delivered around the same timeframe was TrailBlazer, a modular backdoor that offers attackers a path to cyber espionage, while sharing commonalities with GoldMax in the way it masquerades its command-and-control (C2) traffic as legitimate Google Notifications HTTP requests.

Other uncommon channels used by the actor to facilitate the attacks include —

  • Credential hopping for obscuring lateral movement
  • Office 365 (O365) Service Principal and Application hijacking, impersonation, and manipulation, and
  • Theft of browser cookies for bypassing multi-factor authentication

Additionally, the operators carried out multiple instances of domain credential theft months apart, each time leveraging a different technique, one among them being the use of Mimikatz password stealer in-memory, from an already compromised host to ensure access for extended periods of time.

"The StellarParticle campaign, associated with the Cozy Bear adversary group, demonstrates this threat actor's extensive knowledge of Windows and Linux operating systems, Microsoft Azure, O365, and Active Directory, and their patience and covert skill set to stay undetected for months — and in some cases, years," the researchers said.

Read more
  1. Ethical Hacker Tools
  2. Hacking Tools Free Download
  3. Pentest Tools Find Subdomains
  4. Hack Website Online Tool
  5. Hacking Tools 2019
  6. Hacking Tools Kit
  7. Hacker Security Tools
  8. Best Pentesting Tools 2018
  9. Beginner Hacker Tools
  10. Nsa Hack Tools Download
  11. Blackhat Hacker Tools
  12. Pentest Tools Kali Linux
  13. Pentest Tools Windows
  14. Tools Used For Hacking
  15. Hack Tools For Games
  16. Hacker Tools Hardware
  17. Hack Tools For Windows
  18. Tools 4 Hack
  19. Pentest Tools Online
  20. Hacking Tools Windows
  21. Hacking Tools Windows
  22. Hacking Tools Windows 10
  23. Hacker Search Tools
  24. Ethical Hacker Tools
  25. Pentest Tools Kali Linux
  26. New Hacker Tools
  27. Hack App
  28. Hacking Tools For Mac
  29. Termux Hacking Tools 2019
  30. Hacking App
  31. Wifi Hacker Tools For Windows
  32. Black Hat Hacker Tools
  33. Pentest Tools Nmap
  34. Hackers Toolbox
  35. Computer Hacker
  36. Nsa Hack Tools Download
  37. Physical Pentest Tools
  38. Pentest Box Tools Download
  39. Hacking Tools For Kali Linux
  40. New Hacker Tools
  41. Bluetooth Hacking Tools Kali
  42. Pentest Tools Alternative
  43. Pentest Tools Nmap
  44. Game Hacking
  45. What Is Hacking Tools
  46. Pentest Tools Alternative
  47. Hackers Toolbox
  48. Hack Tools For Windows
  49. Underground Hacker Sites
  50. Ethical Hacker Tools
  51. Android Hack Tools Github
  52. Hacker Search Tools
  53. Hack Tools For Ubuntu
  54. Wifi Hacker Tools For Windows
  55. Hacking Tools For Pc
  56. Hacking Tools Name
  57. Hacking Tools For Windows Free Download
  58. Hacking Tools 2019
  59. Pentest Box Tools Download
  60. Android Hack Tools Github
  61. Hacker Security Tools
  62. Pentest Tools Apk
  63. Pentest Tools Framework
  64. Hack Tool Apk
  65. Hacker Tools List
  66. Hacker Techniques Tools And Incident Handling
  67. Github Hacking Tools
  68. Termux Hacking Tools 2019
  69. Pentest Tools Download
  70. Pentest Tools Windows
  71. Hack Tools 2019
  72. Hack Tools
  73. Pentest Tools Linux
  74. Hacker Techniques Tools And Incident Handling
  75. New Hack Tools
  76. Hacker Tools List
  77. Pentest Tools Linux
  78. Hacker Tools 2020
  79. Game Hacking
  80. Hack Tool Apk
  81. Bluetooth Hacking Tools Kali
  82. Hacking Tools For Windows 7
  83. Hack Website Online Tool
  84. Easy Hack Tools
  85. Bluetooth Hacking Tools Kali
  86. Pentest Tools Free
  87. Pentest Box Tools Download
  88. Hacker Tools For Ios
  89. Hacker Tools Apk
  90. Hacking Tools For Windows Free Download
  91. Hacker Tools Mac
  92. Hacker Tools Online
  93. Hacker Tool Kit
  94. Hack Rom Tools
  95. Pentest Tools Open Source
  96. Hack Tools For Ubuntu
  97. Hak5 Tools
  98. Hacker Tools Online
  99. Hack Tools For Pc
  100. Hacker Techniques Tools And Incident Handling
  101. Hacking Tools For Beginners
  102. Hacker Tools Online
  103. Hacking Tools Usb
  104. Pentest Tools Find Subdomains
  105. Hacker Tools Apk Download
  106. Pentest Tools Bluekeep
  107. Pentest Tools Review
  108. Hacker Tools 2020
  109. Pentest Tools Review
  110. How To Hack
  111. Pentest Tools For Mac
  112. Pentest Tools For Windows
  113. Tools For Hacker
  114. Hacking Tools For Pc
  115. Hacking Tools For Games
  116. Hacker Security Tools
  117. Hacks And Tools
  118. Pentest Tools For Ubuntu
  119. Pentest Tools Url Fuzzer
  120. Pentest Tools Subdomain
  121. Hacking App
  122. Pentest Tools Open Source
  123. Hacking Tools Usb
  124. Pentest Tools Framework
  125. Pentest Tools Review
  126. Hacking Tools For Kali Linux
  127. Hacking Tools Online
  128. Black Hat Hacker Tools
  129. Top Pentest Tools
  130. Wifi Hacker Tools For Windows
  131. Hack Tools
  132. Easy Hack Tools
  133. What Are Hacking Tools
  134. Android Hack Tools Github
  135. Hack Tools Pc
  136. Pentest Tools Port Scanner
  137. Hacker Tools Apk Download
  138. Hacker
  139. Pentest Tools Free
  140. Usb Pentest Tools
  141. Hacking Tools Github
  142. Physical Pentest Tools
  143. Pentest Tools Apk
  144. Hack Tools For Ubuntu
  145. New Hacker Tools
  146. Hacking Tools For Windows Free Download
  147. Hacker Tool Kit
  148. Hacker Tools For Windows
  149. Hack Tools For Ubuntu
  150. Hacker Tools Apk Download
  151. Pentest Tools Alternative
  152. Hack Tools For Ubuntu
  153. Hacker Tools 2019
  154. Pentest Tools For Windows
  155. Hacker Tools Online
  156. Hacking Tools For Pc
  157. Hack Tools For Mac
  158. Hacker Tools Apk Download
  159. Hack Tools For Mac
  160. Pentest Tools Review
  161. Hacking Tools Github
  162. Hacking Tools Kit
  163. Pentest Tools Website Vulnerability
  164. Hacking Tools Name
  165. Hacking Tools Usb
  166. Game Hacking
  167. Hacker Tools Windows
  168. Hacking Tools And Software
  169. New Hack Tools
  170. Hack Tool Apk No Root
  171. Hack Tools For Games
  172. Hacker Tools 2020
  173. Hacking Tools Free Download
  174. Hacking Tools For Windows Free Download
  175. Hacking Tools Usb
  176. Top Pentest Tools
Diposting oleh di

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)