Weekly: Sunburst, Sunspot, and more on SolarWinds!

January 15, 2021 Digital Shadows

ShadowTalk hosts Alec, Charles, Austin, and Ivan bring you the latest in threat intelligence. This week they cover:

  • Significant updates to the SolarWinds incident
  • Overlaps between the "Sunburst" backdoor and malware known to be used by "Turla", an APT believed to be Russia-affiliated
  • Possible SolarWinds scam: SolarLeaks claims to sell data stolen in SolarWinds attacks
  • The newly identified Sunspot malware
  • Mimecast's report of a compromised certificate possibly related to SolarWinds, which the team dives deeper into
  • The release of DarkSide ransomware decryptor keys and how DarkSide responded

Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-15-january

***Resources from this week’s podcast***

Sunburst: https://securelist.com/sunburst-backdoor-kazuar/99981/

SolarLeaks: https://www.bleepingcomputer.com/news/security/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks/

SolarWinds updates: https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/


Sunspot: https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/

Covid-19 threat landscape updates: https://www.digitalshadows.com/blog-and-research/targets-and-predictions-for-the-covid-19-threat-landscape/

Dark Web Marketplaces And Cybercriminal Forums: https://www.digitalshadows.com/blog-and-research/tracing-dark-web-marketplaces-and-cybercriminal-forums/ 

ShadowTalk Email: shadowtalk@digitalshadows.com
