New malware from SolarWinds hackers found

New malware from SolarWinds hackers found

Symantec researchers have found additional malware used by the attackers behind the SolarWinds hack. The malware helped the attackers to extend their access to an infected network.

The researchers have named the new malware Raindrop. It is very similar to the existing Teardrop malware that the attackers used to exploit infected machines and networks further. Raindrop was used to spread the Cobalt Strike software across infected networks.

Cobalt Strike

Cobalt Strike is a software package that has been used by penetration testers. It can make infected computers execute commands, track user inputs, copy files, escalate privileges and scan the network for open ports.

Using Cobalt Strike costs over 3,000 euros a year, but last year part of the software’s source code suddenly appeared on GitHub. Cracked versions of the software have been circulating online for some time.

SolarWinds hack

In late 2020, it was discovered that malicious people had managed to add a backdoor to SolarWinds Orion. Many companies and government institutions use this IT management software.

Since the discovery of the hack, security researchers have been trying to find out the extent of the damage it caused. Many researchers suspect that Russian state-sponsored hackers are behind the attack. They base this on the sophisticated way the attack was carried out, with a lot of attention for erasing traces.

Tip: Read everything about the SolarWinds hack