Avoiding detection

Crowdstrike said when Sunspot detected “the Orion solution file path in a running MsBuild.exe process, it replaces a source code file in the solution directory, with a malicious variant to inject SUNBURST while Orion is being built.” It added: “The malicious source code for SUNBURST, along with target file paths, are stored in AES128-CBC encrypted blobs and are protected using the same key and initialization vector.” It does appear to be the most likely explanation based on evidence in the public domain to date. An early attribution by the Washington Post linked the malware to APT29, a known Russian hacking group, though American government officials have so far not confirmed that.

While nobody has yet made a firm public attribution, Kaspersky advanced the theory that the Sunspot malware shared features with nasties emitted by the Turla crew – who have previously been linked to the Russian state. StellarParticle is Crowdstrike's codename for whoever developed the malware.
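As an added, defender-side illustration (not part of the article or of Crowdstrike's write-up): the swap described above changes a source file on disk between the start and the end of a build, so hashing the solution's source files before and after the build surfaces it. All paths and file names below are constructed placeholders, not the real Orion tree.

```python
import hashlib
import tempfile
from pathlib import Path

# Source-file types that a build should consume, never rewrite. Generated output
# (bin/, obj/) is deliberately excluded so a normal build produces no noise.
SOURCE_SUFFIXES = {".cs", ".csproj", ".sln", ".resx"}


def snapshot(root: Path) -> dict:
    """Map each source file under root (relative POSIX path) to its SHA-256."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in SOURCE_SUFFIXES:
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def diff_snapshots(before: dict, after: dict) -> dict:
    """Report source files that changed, appeared or vanished during the build."""
    return {
        "changed": sorted(p for p in before if p in after and before[p] != after[p]),
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
    }


def demo() -> dict:
    """Constructed scenario: one source file is overwritten while the build runs."""
    root = Path(tempfile.mkdtemp()) / "Solution"  # constructed, not the real Orion tree
    (root / "Core").mkdir(parents=True)
    (root / "Orion.sln").write_text("constructed solution file\n")
    (root / "Core" / "Background.cs").write_text("// original source\n")
    (root / "Core" / "Background.Designer.cs").write_text("// untouched\n")

    before = snapshot(root)  # taken when the build starts
    # Stand-in for the in-build swap the text describes: the file on disk
    # differs between the pre-build and post-build snapshots.
    (root / "Core" / "Background.cs").write_text("// replaced variant\n")
    after = snapshot(root)  # taken when the build finishes

    return diff_snapshots(before, after)


if __name__ == "__main__":
    print(demo())  # {'changed': ['Core/Background.cs'], 'added': [], 'removed': []}
```

In a real pipeline the "before" snapshot would come from the checked-out commit on a trusted host and the "after" snapshot from the build agent, so that a non-empty "changed" list fails the build.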