This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
Kaspersky security researchers have unearthed a new backdoor likely designed by the Nobelium advanced persistent threat (APT) behind last year’s SolarWinds supply chain attack.
The new malware, dubbed Tomiris, was first identified in June 2021 from samples dating back to February, a month before the “sophisticated second stage backdoor” Sunshuttle was spotted by FireEye and linked to Nobelium. Nobelium is also known by the monikers UNC2452, SolarStorm, StellarParticle, Dark Halo, and Iron Ritual.
“While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood out due to the extreme carefulness of the attackers and the high-profile nature of their victims. Evidence gathered so far indicates that Dark Halo spent six months inside Orion IT’s networks to perfect their attack and make sure that their tampering of the build chain wouldn’t cause any adverse effects,” Kaspersky researchers stated.
Moscow-headquartered firm Kaspersky identified Tomiris while examining a series of DNS hijacking attacks mounted against multiple government organizations in a CIS member state between December 2020 and January 2021, whi
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Newly Discovered ‘Tomiris’ Backdoor Linked to SolarWinds Attack Malware