An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

NEWS | April 15, 2021

US Cyber Command, DHS-CISA release Russian malware samples tied to SolarWinds compromise

By U.S. Cyber Command Public Affairs

U.S. Cyber Command and the Department of Homeland Security - Cybersecurity and Infrastructure Security Agency released eight files attributed to the Russian Foreign Intelligence Service (SVR)/APT 29 to enable public defense against further compromise.

The sample were found on victim networks during hunt operations conducted by the Cyber National Mission Force and CISA. The missions were requested in response to suspicious activity and suspected compromise through the SolarWinds supply chain attack.

Hunt Forward operations are one way the U.S. defends forward against adversaries in cyberspace. These missions generate insights to understand the adversary, enable defense through sharing information with partner nations, departments, agencies and the cyber security community, and provide opportunities to disrupt, degrade or defeat malicious cyber activity when needed.

The samples released include variants of GoldMax, GoldFinder, Sibot and a new variant of a known webshell. Russian actors were using the variants of malware in combination on the targeted networks.

To view the malware analysis report, go here:   

To view the VirusTotal upload, go here:

Users should pay attention to updates and patches for their respective software and keep their technical products up to date to ensure defense against malicious cyber actors.