NEWS | April 15, 2021

US Cyber Command, DHS-CISA release Russian malware samples tied to SolarWinds compromise

By U.S. Cyber Command Public Affairs

U.S. Cyber Command and the Department of Homeland Security - Cybersecurity and Infrastructure Security Agency released eight files attributed to the Russian Foreign Intelligence Service (SVR)/APT 29 to enable public defense against further compromise.

The samples were found on victim networks during hunt operations conducted by the Cyber National Mission Force and CISA. The missions were requested in response to suspicious activity and suspected compromise through the SolarWinds supply chain attack.

Hunt Forward operations are one way the U.S. defends forward against adversaries in cyberspace. These missions generate insights to understand the adversary, enable defense through sharing information with partner nations, departments, agencies and the cyber security community, and provide opportunities to disrupt, degrade or defeat malicious cyber activity when needed.

The samples released include variants of GoldMax, GoldFinder, Sibot and a new variant of a known webshell. Russian actors were using the variants of malware in combination on the targeted networks.

To view the malware analysis report, go here: https://us-cert.cisa.gov/ncas/analysis-reports/ar21-105a

To view the VirusTotal upload, go here: https://virustotal.com/en/user/CYBERCOM_MALWARE_ALERT

Users should pay attention to updates and patches for their respective software and keep their technical products up to date to ensure defense against malicious cyber actors.