‘Raindrop’ Is Latest Malware Tied to SolarWinds Hack
Researchers: Backdoor Is Fourth Malware Variant Used During Attacks
Raindrop is the fourth malware variant identified as being used during the attack that targeted SolarWinds’ Orion network monitoring software. The others are Teardrop, Sunspot and Sunburst.
Symantec says Raindrop is similar to the already documented second-stage loader Teardrop, although the two have several key differences.
“While Teardrop was delivered by the initial Sunburst backdoor, Raindrop appears to have been used for spreading across the victim’s network,” the Symantec report states.
Symantec researchers say they’ve detected no evidence that Raindrop is delivered directly by Sunburst. Raindrop appears elsewhere on networks where at least one device had already been compromised by Sunburst.
The SolarWinds supply chain attack that started in March 2020 involved placing the…