Security News > 2021 > January > SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader
The ongoing analysis of the SolarWinds supply-chain attack uncovered a fourth malicious tool that researchers call Raindrop and was used for distribution across computers on the victim network.
The hackers used Raindrop to deliver a Cobalt Strike beacon to select victims that were of interest and which had already been compromised through the trojanized SolarWinds Orion update.
Symantec researchers found the new Raindrop malware on machines compromised through the SolarWinds cyberattack.
To hide the malicious functionality, the hackers used a modified version of the 7-Zip source code to compile Raindrop as a DLL file.
Cybersecurity company Volexity investigating SolarWinds cyberattacks also reported that the hackers used PowerShell for lateral movement activity by creating new tasks on remote machines.
Symantec finding Raindrop adds another piece to the SolarWinds supply-chain attack puzzle.