
SUNSPOT Malware

Posted: January 12, 2021

Cybersecurity researchers continue to analyze and dissect the supply-chain attack against the software vendor SolarWinds. Having already uncovered two malware families involved in the attack, they appear to have come across a third, named SUNSPOT. The newly identified SUNSPOT malware is believed to be one of the first implants the threat actors deployed in the attack. According to the researchers, SUNSPOT was first used in September 2019, after the attackers had breached the SolarWinds network. The implant was then installed on the build server used to produce the update packages for the Orion software.

SUNSPOT's purpose was narrow: it ran only on the build server, where it monitored the processes and commands executed there. Its job was to recognize when the SolarWinds Orion software package was being built and, at that moment, plant the SUNBURST backdoor into the build. The substitution was done quietly, so the build server operator saw nothing out of the ordinary and the source tree appeared untouched. Through this foothold, the group behind the supply-chain attack may have been able to inject malicious code into every SolarWinds Orion release produced after the breach.
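The following is an added example, not code from the article or from SolarWinds or the researchers who analyzed SUNSPOT. It simulates the situation the paragraph describes: an implant on the build server that swaps a source file only while the compiler is consuming it, then puts the original back so that the source tree looks untouched afterwards (that restoration step is an assumption of this scenario). The point it demonstrates is a build-pipeline check that catches the swap: a before/after hash check of the source tree passes, because the file is back in place by the time it runs, whereas verifying each file's hash against the checkout manifest at the moment the build reads it does not. All file names, file contents, the fake "compiler" and the `implant` hook are constructed for the demonstration.

```python
"""Detecting a SUNSPOT-style source swap during a build (constructed demo)."""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path
from typing import Callable, Optional


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Record the hash of every source file as checked out from version control."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*.cs"))}


def verify_tree(root: Path, manifest: dict[str, str]) -> list[str]:
    """Whole-tree check run after the build: files whose current hash differs
    from the manifest, plus files missing from or added to the tree."""
    current = build_manifest(root)
    return sorted(k for k in set(current) | set(manifest)
                  if current.get(k) != manifest.get(k))


def guarded_compile(root: Path, manifest: dict[str, str],
                    on_file_read: Optional[Callable[[Path], None]] = None):
    """Simulated compile step. Each file's hash is verified immediately before its
    bytes are handed to the 'compiler' (here just a hash over all inputs), which is
    the only moment a transient swap is visible. on_file_read stands in for an
    implant acting on the file right as the compiler goes to read it."""
    violations: list[str] = []
    artifact = hashlib.sha256()
    for rel, expected in manifest.items():
        path = root / rel
        if on_file_read is not None:
            on_file_read(path)
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != expected:
            violations.append(rel)
        artifact.update(data)
    return artifact.hexdigest(), violations


def simulate_build_server_attack() -> dict:
    """Constructed scenario: a clean checkout, an implant that swaps one file only
    during compilation and restores it afterwards, and both checks run against it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Core.cs").write_text("class Core { }\n")
        (root / "Inventory.cs").write_text(
            "class Inventory { int Count() { return 0; } }\n")
        manifest = build_manifest(root)  # recorded at checkout, before any build
        originals = {rel: (root / rel).read_bytes() for rel in manifest}

        def implant(path: Path) -> None:
            # Hypothetical implant: replace one file with a backdoored copy just
            # as the compiler is about to read it.
            if path.name == "Inventory.cs":
                path.write_text(
                    "class Inventory { int Count() { Backdoor.Run(); return 0; } }\n")

        clean_hash, _ = guarded_compile(root, manifest)
        tampered_hash, violations = guarded_compile(root, manifest, on_file_read=implant)

        # Assumed behaviour: the implant restores the originals once the build has
        # consumed the modified copy, so the tree looks untouched afterwards.
        for rel, data in originals.items():
            (root / rel).write_bytes(data)

        return {
            "post_build_tree_check": verify_tree(root, manifest),  # [] : swap is invisible
            "read_time_violations": violations,                    # ['Inventory.cs']
            "artifact_changed": tampered_hash != clean_hash,       # True
        }


if __name__ == "__main__":
    print(simulate_build_server_attack())
```

The read-time check only helps if it runs inside the build step itself, with the manifest coming from the version-control checkout rather than from the build host. A complementary control is to rebuild the same commit on an independent machine and compare artifact hashes, which catches the tampered output regardless of when the swap happened.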

Supply-chain attacks are exceptionally dangerous because they deliver malware through software that users consider trustworthy and legitimate; here the backdoored update reached victims through the vendor's own release channel. Keeping networks protected with reliable, regularly updated anti-virus software remains basic hygiene, but it is not sufficient on its own against a trojanized vendor build: defenders also need to monitor for unexpected behaviour from software they trust once it is installed, and software producers need to protect the integrity of their build pipelines.
