Prodaft: Chasing the Bad Actors of SolarWinds

March 29, 2021

I read “Swiss Firm Says It Accessed SolarWinds Attackers’ Servers.” The idea is that the cyber security outfit explored the intermediary servers employed by the SolarWinds bad actors and successfully penetrated some of these systems. The result? Prodaft, according to the report, has learned that “these attackers continue to target large corporations and public institutions worldwide.” The targets? The US and Europe.

Furthermore, the attackers have been given the handle “SilverFish Group.” One discovery is explained this way:

[The attackers have] designed an unprecedented malware detection sandbox formed by actual enterprise victims, which enables the adversaries to test their malicious payloads on actual live victim servers with different enterprise AV and EDR solutions, further expanding the high success rate of the SilverFish group attacks.

From my vantage point in rural Kentucky, this sounds similar to the methods revealed in the disclosure of the Hacking Team’s Remote Control System. The approach makes it possible to “spin” malware in a controlled manner across compromised systems.

The main point, despite the radio silence from certain organizations affected by the months-long attacks, is this:

confirmation of the ongoing nature of the attack validates industry concerns. Once attackers establish persistence within an environment, it is difficult to remove them without considerable resources.

Interesting and not particularly reassuring.

Stephen E Arnold, March 29, 2021
