On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggests the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.

Both Microsoft and FireEye published blog posts on Mar. 4 concerning a new backdoor found on high-value targets that were compromised by the SolarWinds attackers. FireEye refers to the backdoor as “Sunshuttle,” whereas Microsoft calls it “GoldMax.” FireEye says the Sunshuttle backdoor was named “Lexicon.exe,” and had the unique file signatures or “hashes” of “9466c865f7498a35e4e1a8f48ef1dffd” (MD5) and b9a2c986b6ad1eb4cfb0303baede906936fe96396f3cf490b0984a4798d741d8 (SHA-1).

“In August 2020, a U.S.-based entity uploaded a new backdoor that we have named SUNSHUTTLE to a public malware repository,” FireEye wrote.

An apparently internal email that got uploaded to VirusTotal in Feb. 2020 by the same account that uploaded the Sunshuttle backdoor malware to VirusTotal in August 2020.

The NTIA did not respond to requests for comment. But in December 2020, The Wall Street Journal reported the NTIA was among multiple federal agencies that had email and files plundered by the SolarWinds attackers. “The hackers broke into about three dozen email accounts since June at the NTIA, including accounts belonging to the agency’s senior leadership, according to a U.S. official familiar with the matter,” The Journal wrote. It’s unclear what, if anything, NTIA’s IT staff did in response to scanning the backdoor file back in Aug. 2020.

The SolarWinds attack involved malicious code being surreptitiously inserted into updates shipped by SolarWinds for some 18,000 users of its Orion network management software. Beginning in March 2020, the attackers then used the access afforded by the compromised SolarWinds software to push additional backdoors and tools to targets when they wanted deeper access to email and network communications. But the world would not find out about the SolarWinds debacle until early December 2020, when FireEye first disclosed the extent of its own compromise from the SolarWinds malware and published details about the tools and techniques used by the perpetrators. Intelligence agencies have attributed the SolarWinds hack to an arm of the Russian state intelligence known as the SVR, which also was determined to have been involved in the hacking of the Democratic National Committee six years ago.
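As an added example (not code from this article, FireEye or Microsoft), the script below shows how a defender would ingest the two Sunshuttle/GoldMax hashes quoted above as indicators, classify each value by its hex-digest length rather than trusting the label it came with, and hash a file's bytes to check for a match. It also surfaces the labelling problem in the indicators as published: the 64-hex-digit value has SHA-256 length, not SHA-1 length, so a scanner that hashed files with SHA-1 would never match it; the sample bytes used for matching are constructed.

```python
import hashlib
import re

# The two hash values quoted in the article, as a defender might paste
# them into an indicator list, keeping the labels exactly as published.
ARTICLE_IOCS = {
    "md5": "9466c865f7498a35e4e1a8f48ef1dffd",
    "sha1": "b9a2c986b6ad1eb4cfb0303baede906936fe96396f3cf490b0984a4798d741d8",
}

# Hex-digest length identifies the algorithm regardless of the source label.
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}


def classify_hash(value):
    """Return the algorithm implied by a hex digest's length, or None if malformed."""
    v = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", v):
        return None
    return HEX_LEN_TO_ALGO.get(len(v))


def normalize_iocs(labelled):
    """Re-key indicators by the algorithm their length implies.

    Returns (normalized, mislabelled); mislabelled lists (label, value, actual)
    for every entry whose published label disagrees with its digest length.
    """
    normalized, mislabelled = {}, []
    for label, value in labelled.items():
        algo = classify_hash(value)
        if algo is None:
            mislabelled.append((label, value, "malformed"))
            continue
        if algo != label.lower():
            mislabelled.append((label, value, algo))
        normalized.setdefault(algo, set()).add(value.strip().lower())
    return normalized, mislabelled


def digest(data, algo):
    """Hex digest of data under the named hashlib algorithm."""
    return hashlib.new(algo, data).hexdigest()


def match_file_bytes(data, iocs):
    """Hash data with every algorithm present in iocs; return the algorithms that hit."""
    return [algo for algo, values in iocs.items() if digest(data, algo) in values]
```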