Microsoft reveals GoldMax, Sibot and GoldFinder new malware strains used by SolarWinds hackers

Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims’ networks as second-stage payloads.

The company now tracks the “sophisticated attacker” who used the Sunburst backdoor and Teardrop malware during the SolarWinds supply-chain attack as Nobelium.

Security researchers with the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team found three new malware strains named GoldMax, Sibot, and GoldFinder.

The Nobelium hackers used these malware strains during late-stage activity between August and September 2020. Still, it is believed that Nobelium dropped them on compromised SolarWinds customers’ systems as early as June 2020.

Read more…
Source: Bleeping Computer

Related story: New Sunshuttle aka GoldMax Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452