‘Raindrop’ Is Latest Malware Tied to SolarWinds Hack

/in


3rd Party Risk Management
,
Cybercrime
,
Forensics

Researchers: Backdoor Is Fourth Malware Variant Used During Attacks

Doug Olenick (DougOlenick) •
January 19, 2021    

'Raindrop' Is Latest Malware Tied to SolarWinds Hack
An timeline illustrating a Raindrop infection (Source: Symantec Threat Intelligence )

Symantec Threat Intelligence says it has uncovered another malware variant used in the SolarWinds supply chain hack – a loader nicknamed “Raindrop” that apparently was used to deliver Cobalt Strike, a legitimate penetration testing tool, to a handful of targets.

See Also: Roundtable Wrap: Cybersecurity Over Next 4 Years


Raindrop is the fourth malware variant identified as being used during the attack that targeted SolarWinds’ Orion network monitoring software. The others are Teardrop, Sunspot and Sunburst.

Symantec says Raindrop is similar to the already documented second-stage loader Teardrop, although they have several key differences.

“While Teardrop was delivered by the initial Sunburst backdoor, Raindrop appears to have been used for spreading across the victim’s network,” the Symantec report states.

Symantec researchers say they’ve detected no evidence that Raindrop is delivered directly by Sunburst. Raindrop appears elsewhere on networks where at least one device had already been compromised by Sunburst.

The SolarWinds supply chain attack that started in March 2020 involved placing the…

Source…