Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack (Security News, January 2021)

Cybersecurity researchers have unearthed a fourth new malware strain, designed to spread the malware to other computers in victims' networks, which was deployed as part of the SolarWinds supply chain attack disclosed late last year.
"The discovery of Raindrop is a significant step in our investigation of the SolarWinds attacks as it provides further insights into post-compromise activity at organizations of interest to the attackers," Symantec researchers said.
It's worth noting that the attackers used the Sunspot malware exclusively against SolarWinds in September 2019 to compromise its build environment and inject the Sunburst Trojan into its Orion network monitoring platform.
One difference from Teardrop stands out: Teardrop is delivered directly by the initial Sunburst backdoor, whereas Raindrop appears to have been deployed with the goal of spreading across the victim's network.
What's more, the malware shows up on networks where at least one computer has already been compromised by Sunburst, with no indication that Sunburst triggered its installation.
Symantec did not identify the organizations affected by Raindrop, but said the samples were found on a victim system that was running computer access and management software, and on a machine that was observed executing PowerShell commands to infect additional computers in the organization with the same malware.
Source: http://feedproxy.google.com/~r/TheHackersNews/~3/h6AQYcEfo6Q/researchers-discover-raindrop-4th.html