Security News > 2021 > January > SolarWinds Malware Arsenal Widens with Raindrop

SolarWinds Malware Arsenal Widens with Raindrop
2021-01-19 16:40

An additional piece of malware, dubbed Raindrop, has been unmasked in the sprawling SolarWinds supply-chain attacks.

Researchers have identified Raindrop as one of the tools used for those follow-on attacks.

In the second victim, Raindrop installed Cobalt Strike and then executed PowerShell commands that were bent on installing further instances of Raindrop on additional computers in the organization.

Raindrop joins other custom malware that has been documented as being used in the attacks, including the Teardrop tool, which researchers said was delivered by the initial Sunburst backdoor.

Raindrop uses a different custom packer from Teardrop; and, Raindrop isn't fetched by Sunburst directly, researchers said.

"The discovery of Raindrop is a significant step in our investigation of the SolarWinds attacks as it provides further insights into post-compromise activity at organizations of interest to the attackers," according to the Symantec analysis.


News URL

https://threatpost.com/solarwinds-malware-arsenal-raindrop/163153/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 44 0 80 95 40 215