CISA and CNMF Analysis of SolarWinds-related Malware

Original release date: April 15, 2021

CISA and the Department of Defense (DoD) Cyber National Mission Force (CNMF) have analyzed additional SolarWinds-related malware variants—referred to as SUNSHUTTLE and SOLARFLARE. One of the analyzed files was identified as a China Chopper webshell server-side component that was observed on a network with an active SUNSHUTTLE infection. The webshell can provide a cyber threat actor an alternative method of accessing a network, even if the SUNSHUTTLE infection was remediated.

The U.S. Government attributes this activity to the Russian Foreign Intelligence Service (SVR).

CISA encourages users and administrators to review Malware Analysis Report MAR-10327841-1.v1, U.S. Cyber Command’s VirusTotal page, and the following resources for more information: 

This product is provided subject to this Notification and this Privacy & Use policy.

NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks

Original release date: April 15, 2021

CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on Russian Foreign Intelligence Service (SVR) actors scanning for and exploiting vulnerabilities to compromise U.S. and allied networks, including national security and government-related systems.

Specifically, SVR actors are targeting and exploiting the following vulnerabilities:

Additionally, the White House has released a statement formally attributing this activity and the SolarWinds supply chain compromise to SVR actors. CISA has updated the following products to reflect this attribution:

CISA strongly encourages users and administrators to review Joint CSA: Russian SVR Targets U.S. and Allied Networks for SVR tactics, techniques, and procedures, as well as mitigation strategies.

Google Releases Security Updates for Chrome

Original release date: April 15, 2021

Google has updated the stable channel for Chrome to 90.0.4430.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome release and apply the necessary changes.


Juniper Networks Releases Security Updates

Original release date: April 15, 2021

Juniper Networks has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper Security Advisories webpage and apply the necessary updates or workarounds.
