Security
Poisoned Installers Found In SolarWinds Hackers Toolkit (securityweek.com) 16

wiredmikey shares a report from SecurityWeek: The ongoing multi-vendor investigations into the SolarWinds mega-hack took another twist this week with the discovery of new malware artifacts that could be used in future supply chain attacks. According to a new report, the latest wave of attacks being attributed to APT29/Nobelium threat actor includes a custom downloader that is part of a "poisoned update installer" for electronic keys used by the Ukrainian government. SentinelOne principal threat researcher Juan Andres Guerrero-Saade documented the latest finding in a blog post that advances previous investigations from Microsoft and Volexity. "At this time, the means of distribution [for the poisoned update installer] are unknown. It's possible that these update archives are being used as part of a regionally-specific supply chain attack," Guerrero-Saade said.
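The summary above describes an attack in which the update archive itself is the malicious artifact. The added example below is not from SecurityWeek, SentinelOne or the Slashdot discussion; it shows one defender-side check an installer pipeline can run before unpacking an update: compare every archive member against a SHA-256 manifest obtained out-of-band, and refuse the archive on any mismatch, missing member or unexpected extra member (a dropped-in downloader component). The archive contents, member names and manifest are constructed for the demonstration.

```python
"""Added example: verify an update archive against a pinned SHA-256 manifest
before installing it. Everything below (file names, contents, manifest) is
constructed sample data, not artifacts from the reported attack."""
import hashlib
import hmac
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_archive(files: dict) -> bytes:
    """Build an in-memory zip from {member name: bytes}; stands in for a vendor update."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


def verify_archive(archive: bytes, manifest: dict) -> list:
    """Return a list of problems; an empty list means the archive matches the manifest.

    manifest maps member name -> expected SHA-256 hex digest. Missing members and
    members that are not in the manifest are reported as well, because a poisoned
    installer typically modifies one file and adds another (e.g. a downloader)."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        names = set(zf.namelist())
        for name, expected in manifest.items():
            if name not in names:
                problems.append(f"missing member: {name}")
                continue
            actual = sha256_hex(zf.read(name))
            # constant-time comparison; the digests are ASCII hex strings
            if not hmac.compare_digest(actual, expected):
                problems.append(f"hash mismatch: {name}")
        for extra in sorted(names - set(manifest)):
            problems.append(f"unexpected member: {extra}")
    return problems


# Constructed "vendor" release and the manifest the vendor would publish out-of-band.
GOOD_FILES = {
    "setup.exe": b"legitimate setup stub (constructed)",
    "config.xml": b"<config/>",
}
MANIFEST = {name: sha256_hex(data) for name, data in GOOD_FILES.items()}
GOOD_ARCHIVE = build_archive(GOOD_FILES)

# Constructed poisoned archive: setup.exe replaced, downloader.exe added.
POISONED_FILES = dict(GOOD_FILES)
POISONED_FILES["setup.exe"] = b"trojanised setup stub (constructed)"
POISONED_FILES["downloader.exe"] = b"custom downloader stub (constructed)"
POISONED_ARCHIVE = build_archive(POISONED_FILES)


if __name__ == "__main__":
    print("good archive:", verify_archive(GOOD_ARCHIVE, MANIFEST) or "OK")
    print("poisoned archive:", verify_archive(POISONED_ARCHIVE, MANIFEST))
```

The check only helps when the manifest (or a signature over it) reaches the installer by a path the attacker does not control; if the vendor's own build pipeline is what was compromised, as in the original SolarWinds incident, the published digests will match the poisoned file and this comparison passes. Treat it as one layer alongside code-signing verification and egress monitoring for the downloader's callback traffic, not as a complete defence.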
  • Now, are the SolarWinds updates free, or paid, to fix the hacked ones?

  • by FudRucker ( 866063 ) on Wednesday June 02, 2021 @08:33AM (#61446782)
    get rid of ms-windows, problem solved. Don't give people root access to their systems; only IT admins should be allowed to get that. Mainstream Linux distros have perfectly good office suites, so preventing this sort of thing is that simple. /thread
    • yeah, I bet there are clerical office workers using ms-windows systems and they are logged in with admin privileges, so when they do something on the PC it can screw the whole system up. That sort of thing has been going on for decades because of lazy office workers opening something they should not have, infecting the entire system.
    • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Wednesday June 02, 2021 @08:39AM (#61446808) Homepage Journal

      You really have no idea what you're talking about, period.

      These installers will only be run by admins.

      But they still need to be run on multiple nodes.

      Speaking of multiple nodes, when you have a lot of machines, you wind up needing tools to manage them all. It doesn't matter what OS they run.

      Tools for Linux can be compromised in exactly the same way as these tools for Windows. So there is zero benefit there, although there are other security benefits to Linux.

      • you're the one that doesn't know what you're talking about; you're more likely a bean counter that doesn't like the idea of paying good wages to competent IT admins, and just wants to hire low-level janitors to keep the junk files sorted and the trash taken out overnight
        • by tlhIngan ( 30335 )

          you're the one that doesn't know what you're talking about; you're more likely a bean counter that doesn't like the idea of paying good wages to competent IT admins, and just wants to hire low-level janitors to keep the junk files sorted and the trash taken out overnight

          And why not have multiple levels? You need a highly experienced competent admin to maintain the network overall, but you also need a bunch of lesser paid ones to handle the day to day problems, like fixing a printer, changing a user's password or eve

      • Speaking of multiple nodes, when you have a lot of machines, you wind up needing tools to manage them all. It doesn't matter what OS they run.

        These tools are for junior admins who need ease of use and give them full access so the company can hire cheaper users. Domain Admins already have many ways to monitor systems with existing tools. Experienced admins can already do a lot of the things that these tools do, just not in a GUI.

        Paying for an experienced admin that knows command-line scripting has a larger recurring cost. Tools such as SolarWinds Orion have a cheaper recurring cost, so you can hire more junior admins for more "coverage".

    • Yea but then you'd have to hire someone actually literate to do your government IT jobs, and those guys are so expensive they cut into the budget for our autonomous peasant killers.

      • and those guys are so expensive they cut into the budget for our autonomous peasant killers.

        The word you were looking for was killbot [theinfosphere.org].
  • 1: Hack the installer of component X to also install ransomware (set to go off on trigger or timer) and/or other persistent threats.
    2: Attack a system with ransomware installed by some other vector via a vulnerability in component X.
    3: Profit.
    4: News of the attack of 2: is published.
    5: EVERYBODY downloads the next update of component X.
    6: Pick a bunch of deep-pocket targets and have at them.
    7: P*R*O*F*I*T!
    8: Rinse and repeat.

    I normally make the "Hackers are the cowboys, Crackers are the cattle-rustlers (who
