Security News > 2021 > January > Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack
Cybersecurity researchers have unearthed a fourth new malware strain-designed to spread the malware onto other computers in victims' networks-which was deployed as part of the SolarWinds supply chain attack disclosed late last year.
"The discovery of Raindrop is a significant step in our investigation of the SolarWinds attacks as it provides further insights into post-compromise activity at organizations of interest to the attackers," Symantec researchers said.
It's worth noting that the attackers used the Sunspot malware exclusively against SolarWinds in September 2019 to compromise its build environment and inject the Sunburst Trojan into its Orion network monitoring platform.
For a start, Teardrop is delivered directly by the initial Sunburst backdoor, whereas Raindrop seems to have been deployed with the goal of spreading across the victims' network.
What's more, the malware shows up on networks where at least one computer has already been compromised by Sunburst, with no indication that Sunburst triggered its installation.
Symantec did not identify the organizations impacted by Raindrop but said the samples were found in a victim system that was running computer access and management software and on a machine that was found to execute PowerShell commands to infect additional computers in the organization with the same malware.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/h6AQYcEfo6Q/researchers-discover-raindrop-4th.html
Related news
- CISA warns critical SolarWinds RCE bug is exploited in attacks (source)
- Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users (source)