CISA and CNMF Analysis of SolarWinds-related Malware

Original release date: April 15, 2021

CISA and the Department of Defense (DoD) Cyber National Mission Force (CNMF) have analyzed additional SolarWinds-related malware variants—referred to as SUNSHUTTLE and SOLARFLARE. One of the analyzed files was identified as a China Chopper webshell server-side component that was observed on a network with an active SUNSHUTTLE infection. The webshell can provide a cyber threat actor an alternative method of accessing a network, even if the SUNSHUTTLE infection was remediated.

The U.S. Government attributes this activity to the Russian Foreign Intelligence Service (SVR).

CISA encourages users and administrators to review Malware Analysis Report MAR-10327841-1.v1, U.S. Cyber Command’s VirusTotal page, and the following resources for more information:

CISA web page: Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise
CISA web page: Supply Chain Compromise
CISA Alert AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

This product is provided subject to this Notification and this Privacy & Use policy.

Source link

admin

Next WordPress Releases Security and Maintenance Update »

Previous « Threat Actors Targeting Cybersecurity Researchers

This website uses cookies.

CISA and CNMF Analysis of SolarWinds-related Malware

Recent Posts

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA Releases One Industrial Control Systems Advisory

CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices

CISA Releases Thirteen Industrial Control Systems Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds Five Known Exploited Vulnerabilities to Catalog