Shop Manager's Blog

This is the blog of the manager of SABANIZM, a fishing bait specialty shop.

Monday, June 5, 2023

New Malware Used By SolarWinds Attackers Went Undetected For Years

The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once again indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent access for years.

According to cybersecurity firm CrowdStrike, which detailed the novel tactics adopted by the Nobelium hacking group last week, two sophisticated malware families were placed on victim systems — a Linux variant of GoldMax and a new implant dubbed TrailBlazer — long before the scale of the attacks came to light.

Nobelium, the Microsoft-assigned moniker for the SolarWinds intrusion in December 2020, is also tracked by the wider cybersecurity community under the names UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (CrowdStrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).

The malicious activities have since been attributed to a Russian state-sponsored actor called APT29 (also known as The Dukes and Cozy Bear), a cyber espionage operation associated with the country's Foreign Intelligence Service that's known to be active since at least 2008.

GoldMax (aka SUNSHUTTLE), which was discovered by Microsoft and FireEye (now Mandiant) in March 2021, is a Golang-based malware that acts as a command-and-control backdoor, establishing a secure connection with a remote server to execute arbitrary commands on the compromised machine.

Mandiant also pointed out that Dark Halo actors had used the malware in attacks going back to at least August 2020, or four months before SolarWinds discovered that its Orion updates had been tampered with to deliver malware designed to drop post-compromise implants on thousands of its customers.

In September 2021, Kaspersky revealed details of a second variant of the GoldMax backdoor called Tomiris that was deployed against several government organizations in an unnamed CIS member state in December 2020 and January 2021.

The latest iteration is a previously undocumented but functionally identical Linux implementation of the second-stage malware, installed in victim environments in mid-2019 and predating all other identified samples built for the Windows platform to date.


Also delivered around the same timeframe was TrailBlazer, a modular backdoor that offers attackers a path to cyber espionage, while sharing commonalities with GoldMax in the way it masquerades its command-and-control (C2) traffic as legitimate Google Notifications HTTP requests.

Other uncommon channels used by the actor to facilitate the attacks include —

  • Credential hopping for obscuring lateral movement
  • Office 365 (O365) Service Principal and Application hijacking, impersonation, and manipulation, and
  • Theft of browser cookies for bypassing multi-factor authentication

Additionally, the operators carried out multiple instances of domain credential theft months apart, each time leveraging a different technique, one among them being the use of Mimikatz password stealer in-memory, from an already compromised host to ensure access for extended periods of time.

"The StellarParticle campaign, associated with the Cozy Bear adversary group, demonstrates this threat actor's extensive knowledge of Windows and Linux operating systems, Microsoft Azure, O365, and Active Directory, and their patience and covert skill set to stay undetected for months — and in some cases, years," the researchers said.
