SolarWinds Compromise Malware Analysis

EasyChair Preprint 15566, 12 pages. Date: December 13, 2024

Abstract

The SolarWinds compromise was one of the most significant cyberattacks of the 21st century, not because it breached a single organization, but because it triggered a much larger supply chain incident that affected thousands of organizations globally. Attributed to the threat group APT29, the attack leveraged sophisticated malware tools to infiltrate high-profile entities. This paper provides a detailed analysis of four of the malware variants used in the attack: SIBOT, Raindrop, GoldMax, and GoldFinder. A controlled environment was established to study the behavior of each sample, focusing on the techniques used to achieve persistence, move laterally, and evade detection. The findings contribute to threat intelligence and offer insights for improving defenses against similar attacks, highlighting the importance of early detection and prevention of advanced persistent threats.

Keyphrases: Downloader, GoldFinder, GoldMax, Malware, Raindrop, SIBOT, backdoor, reverse engineering