Poisoned Installers Found In SolarWinds Hackers Toolkit

wiredmikey shares a report from SecurityWeek: The ongoing multi-vendor investigations into the SolarWinds mega-hack took another twist this week with the discovery of new malware artifacts that could be used in future supply chain attacks. According to a new report, the latest wave of attacks being attributed to the APT29/Nobelium threat actor includes a custom downloader that is part of a "poisoned update installer" for electronic keys used by the Ukrainian government. SentinelOne principal threat researcher Juan Andres Guerrero-Saade documented the latest finding in a blog post that advances previous investigations from Microsoft and Volexity. "At this time, the means of distribution [for the poisoned update installer] are unknown. It's possible that these update archives are being used as part of a regionally-specific supply chain attack," Guerrero-Saade said.


from Slashdot https://ift.tt/3vKatDs
