Sunspot malware ran on SolarWinds build server
In a report published today, CrowdStrike said that Sunspot was deployed in September 2019, when hackers first breached SolarWinds' internal network.
The Sunspot malware was installed on SolarWinds' build server, a type of software used by developers to assemble smaller components into larger software applications.
CrowdStrike said Sunspot had a single purpose: to watch the build server for build commands that assembled Orion, one of SolarWinds' top products, an IT resources monitoring platform used by more than 33,000 customers across the globe.
Once a build command was detected, the malware would silently replace source code files inside the Orion app with files that loaded the Sunburst malware, resulting in Orion app versions that also installed the Sunburst malware.
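One way a build pipeline can detect the kind of source-file swap described above, shown as an added example that is not from the CrowdStrike report or from SolarWinds: hash the checked-out tree, then compare against the workspace immediately before compilation. The file names and workspace layout are constructed, and the example assumes the trusted manifest is recorded from version control and stored off the build host.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def diff_manifests(trusted, observed):
    """Report files changed, added or removed relative to the trusted manifest."""
    return {
        "changed": sorted(f for f in trusted
                          if f in observed and trusted[f] != observed[f]),
        "added": sorted(f for f in observed if f not in trusted),
        "removed": sorted(f for f in trusted if f not in observed),
    }


def demo():
    """Simulate a checkout, a source swap before compile, and the check."""
    with tempfile.TemporaryDirectory() as workspace:
        src = Path(workspace) / "src"
        src.mkdir()
        # Constructed sample sources standing in for a product's code base.
        (src / "Monitor.cs").write_text("class Monitor { void Refresh() {} }\n")
        (src / "Util.cs").write_text("class Util {}\n")

        # Assumption: recorded at checkout and kept off the build host.
        trusted = manifest(workspace)

        # Simulated tampering between checkout and compilation.
        (src / "Monitor.cs").write_text(
            "class Monitor { void Refresh() { Extra.Run(); } }\n")
        (src / "Extra.cs").write_text("class Extra { public static void Run() {} }\n")

        # The pipeline would fail the build if any list here is non-empty.
        return diff_manifests(trusted, manifest(workspace))


if __name__ == "__main__":
    print(demo())
```

A check that runs on the build host itself can be interfered with by software on that host, so the comparison is more trustworthy when the trusted manifest and the verdict live on a separate system.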
Jan. 12, 2021 12:52 pm ET SolarWinds Corp. said a computer breach tied to Russia-linked hackers who accessed U.S. government systems and corporate networks after manipulating some of the software provider’s code began at least a month earlier than first disclosed.
Hackers were accessing its systems in early September 2019, the network-management company said Tuesday, based on a continuing investigation. Cybersecurity experts suspect preparations for the attack go back far longer. A month later, a version of the company’s Orion Platform software appears to have contained modifications designed to test the hackers’ ability to insert malicious code into the system. The code was added starting Feb. 20, 2020, SolarWinds said, and the compromised software was available to its customers by March 26, 2020.
/PRNewswire/ Cybersecurity vulnerabilities are a major concern to business and organizations. The most recent massive computer breach, which allowed hackers.
Working group of US intelligence agencies asserts Russia is “likely” behind SolarWinds hack
A working group of four US intelligence agencies has issued a press release declaring that hackers behind the unprecedented cyberattack on hundreds of government and corporate users of the SolarWinds Orion platform were “likely Russian in origin.”
The joint statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI) and the National Security Agency (NSA) was first published on Tuesday afternoon on the website of the ODNI.
The statement says that the Trump administration’s National Security Council has created a task force called the cyber Unified Coordinating Group (UCG) composed of the four agencies to organize “the investigation and remediation of this significant cyber incident involving federal government networks.” It says that the UCG is “still working to