The hacker group SilverFish has recently been linked to the SolarWinds attack by security experts at Prodaft, a Swiss cybersecurity firm.
According to reports published by Prodaft's security experts, a hacker group named SilverFish has been operating the wide-scale SolarWinds attack campaign since August 2020, wreaking worldwide cybersecurity havoc to extort critical data from government and private organizations alike.
The Swiss cybersecurity experts appear to have gained access to SilverFish's command-and-control (C2) servers, which disclosed that more than 4,500 victims had been compromised in the last month.
The experts discovered a significant overlap between these victims and the organizations hit in the SolarWinds attacks.
The SolarWinds attacks saw the hacking and compromise of some of the most globally established agencies and organizations.
The Swiss researchers are of the opinion that SilverFish was the foremost hacker group targeting EU states by abusing the bugs and vulnerabilities linked to the SolarWinds attack.
Tracking SilverFish links:
When the SolarWinds attacks were disclosed back in December 2020, Prodaft received analysis requests from a compromised agency.
Prodaft researchers then derived digital fingerprints from the SolarWinds attacks and ran IPv4 scans to detect other servers that shared the same fingerprints.
The researchers found dozens of servers that monitored compromised systems and sent commands to them. They were then able to gain access to two of those servers by identifying security weaknesses in their configuration.
Subsequent analysis produced evidence, in the form of IP address, user name, timestamp and command execution records, that SilverFish had indeed been targeting victims since August 2020.
Their reports also claim that SilverFish had deployed a total of four teams to breach victim systems and computers, mainly aiming for big organizations and government agencies.
US-based organizations reportedly suffered the highest number of cyberattacks, followed by Europe.
Speculation about the SolarWinds perpetrators:
The malicious actors used Russian slang and vernacular when writing comments, although English was their main language.
The experts also reported evidence suggesting that the malicious actors were operating the C2 servers from Russia and Ukraine.