
Shades of SolarWinds Attack Malware Found in New ‘Tomiris’ Backdoor


Just when the furor around the supply chain attack on SolarWinds by the Russian-affiliated threat actor Dark Halo seemed to have died down, sobering new findings came to light. Researchers at Kaspersky reported a new backdoor, named “Tomiris”, that appears to be linked to Sunshuttle, a piece of malware attributed to Dark Halo in the aftermath of the SolarWinds attack. Both Sunshuttle and Tomiris, which closely mimics it, are written in Go.

The backdoor’s purpose is to give its operators a command-and-control channel to the systems they have compromised, through which they can issue remote commands such as uploading and downloading files. Researchers identified further similarities between Tomiris and Sunshuttle, including English misspellings in both code bases that suggest the authors are not native English speakers.

Kaspersky found Tomiris in June 2021 while investigating DNS hijacking incidents against a government in the Commonwealth of Independent States in December 2020 and January 2021. In that campaign the attackers redirected traffic for government servers away from the legitimate hosts toward servers they controlled, allowing them to harvest credentials from users who logged in, and undermining the integrity of the data stored on and transmitted through those systems.

It is not yet an iron-clad conclusion that the same actor developed Tomiris and Sunshuttle, but Kaspersky assesses the likelihood as strong. If Dark Halo is indeed responsible for both, one conclusion is clear: Dark Halo is a threat actor whose scope should not be underestimated. The group, also tracked as StellarParticle, Nobelium, and UNC2452, has been linked by numerous security researchers and the United States government to Russia’s Foreign Intelligence Service (SVR). Dark Halo is notorious for its 2020 compromise of SolarWinds’ software build environment, in which it embedded a trojan into the vendor’s signed Orion updates. The trojanized update was downloaded by roughly 18,000 customers, at a high financial and reputational cost to the organizations affected.