The SolarWinds Hack Gets Worse, But Offers A Tiny Bit Of Amusement
SUNSHUTTLE Sucks But The Second Half Might Make You Chuckle
In August 2020 an unidentified company uploaded a piece of malware to a public malware repository in the hopes of getting advice on how to deal with it. It is unknown at this time if they were successful, but recently Mandiant Threat Intelligence determined that the malware was likely related to the SolarWinds hack, Sunburst. SUNSHUTTLE is a second-stage backdoor that can read and write to a compromised machine, as well as execute code. It seems to work in tandem with another infection, as opposed to being a unique attack, which, considering the age of the first detection, makes this major hack even more worrisome.
On a more amusing, and possibly related, note, it would seem that a number of black hat hackers have been hacked themselves. So far this year four cybercrime forums, Maza, Exploit, Verified and Crdclub, have all seen their members' personal information compromised, and they have no idea who did it. The members have found themselves doxxed and there have also been a number of Bitcoin thefts. For some reason they seem rather upset to have been hoist by their own petard.
The Register and PCPer would like you to join a concerto performed by the world’s smallest violins in their honour. There is also bonus content about McAfee’s latest legal woes at the bottom of their story.
Another form of malware has been spotted on servers backdoored in the SolarWinds' Orion fiasco.