Sunday, April 11, 2021
  • Bitcoin
  • About
  • Trusted Links
  • Advertise
  • Careers
  • Donate
  • Contact
Hacking tools on all platforms
No Result
View All Result
  • The Hacker News
  • Tools9
  • Tutorial
  • Video
  • Blog
  • Donate Us
Hacking tools on all platforms
Home Blog
Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack

Nhan Nguyen by Nhan Nguyen
in Blog
Reading Time: 4min read
0
0
SHARES
77
VIEWS
Share on FacebookShare on Twitter

Related posts

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

02/25/2021
2.7k
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

02/24/2021
2.5k
Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

02/24/2021
2.7k
Everything You Need to Know About Evolving Threat of Ransomware

Everything You Need to Know About Evolving Threat of Ransomware

02/24/2021
2.7k

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack

raindrop malware solarwinds

Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims’ networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year.

Dubbed “Raindrop” by Broadcom-owned Symantec, the malware joins the likes of other malicious implants such as Sunspot, Sunburst (or Solorigate), and Teardrop that were stealthily delivered to enterprise networks.

password auditor

The latest finding comes amid a continued probe into the breach, suspected to be of Russian origin, that has claimed a number of U.S. government agencies and private sector companies.

“The discovery of Raindrop is a significant step in our investigation of the SolarWinds attacks as it provides further insights into post-compromise activity at organizations of interest to the attackers,” Symantec researchers said.

The cybersecurity firm said it discovered only four samples of Raindrop to date that were used to deliver the Cobalt Strike Beacon — an in-memory backdoor capable of command execution, keylogging, file transfer, privilege escalation, port scanning, and lateral movement.

Symantec, last month, had uncovered more than 2,000 systems belonging to 100 customers that received the trojanized SolarWinds Orion updates, with select targets infected with a second-stage payload called Teardrop that’s also used to install the Cobalt Strike Beacon.

“The way Teardrop is built, it could have dropped anything; in this case, it dropped Beacon, a payload included with Cobalt Strike,” Check Point researchers said, noting that it was possibly done to “make attribution harder.”

raindrop malware solarwinds

“While Teardrop was used on computers that had been infected by the original Sunburst Trojan, Raindrop appeared elsewhere on the network, being used by the attackers to move laterally and deploy payloads on other computers.”

It’s worth noting that the attackers used the Sunspot malware exclusively against SolarWinds in September 2019 to compromise its build environment and inject the Sunburst Trojan into its Orion network monitoring platform. The tainted software was then delivered to 18,000 of the company’s customers.

Microsoft’s analysis of the Solorigate modus operandi last month found that the operators carefully chose their targets, opting to escalate the attacks only in a handful of cases by deploying Teardrop based on intel amassed during an initial reconnaissance of the target environment for high-value accounts and assets.

Now Raindrop (“bproxy.dll”) joins the mix. While both Teardrop and Raindrop act as a dropper for the Cobalt Strike Beacon, they also differ in a number of ways.

For a start, Teardrop is delivered directly by the initial Sunburst backdoor, whereas Raindrop seems to have been deployed with the goal of spreading across the victims’ network. What’s more, the malware shows up on networks where at least one computer has already been compromised by Sunburst, with no indication that Sunburst triggered its installation.

The two malware strains also use different packers and Cobalt Strike configurations.

Symantec did not identify the organizations impacted by Raindrop but said the samples were found in a victim system that was running computer access and management software and on a machine that was found to execute PowerShell commands to infect additional computers in the organization with the same malware.

Hacking Tools by Novero Lotus with hashtags #Researchers #Discover #Raindrop #4th #Malware #Linked #SolarWinds #Attack

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securityNetwork Securityransomware malwaresoftware vulnerabilitythe hacker news
ShareTweet

Related Posts

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack
Blog

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

by Nhan Nguyen
02/25/2021
2.7k
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique
Blog

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

by Nhan Nguyen
02/24/2021
2.5k
Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks
Blog

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

by Nhan Nguyen
02/24/2021
2.7k
Everything You Need to Know About Evolving Threat of Ransomware
Blog

Everything You Need to Know About Evolving Threat of Ransomware

by Nhan Nguyen
02/24/2021
2.7k
Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
Blog

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

by Nhan Nguyen
02/24/2021
1.6k
Experts Find a Way to Learn What You’re Typing During Video Calls
Blog

Experts Find a Way to Learn What You’re Typing During Video Calls

by Nhan Nguyen
02/23/2021
1.5k
Load More
Next Post
A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder

0 0 vote
Article Rating
Subscribe
Connect with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Notify of
guest
Connect with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
guest
0 Comments
Inline Feedbacks
View all comments

New Posts Updated

Intro YouTube Nhan Nguyen Channel

Intro YouTube Nhan Nguyen Channel

1 month ago
8.8k
Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

2 months ago
2.7k
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

2 months ago
2.5k
Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

2 months ago
2.7k
Everything You Need to Know About Evolving Threat of Ransomware

Everything You Need to Know About Evolving Threat of Ransomware

2 months ago
2.7k

BROWSE BY CATEGORIES

  • Blog
  • Dark Web
  • Downloads
  • Envato Free
  • Hacking Tools
  • Plugins
  • Social Network
  • Themes & Templates
  • Tools Free
  • Tools Free
  • Tutorial
  • Video

BROWSE BY TOPICS

AI Buidl computer security Counterfeited Money Credit Cards cyber attacks cyber news cyber security news cyber security news today cyber security updates cyber updates Dark Web data breach Deep Web Digital Virtual Hacker hacker news Hackers Hacking hacking news Hacking Tools how to hack information security Learn Python Linux Network Security PayPal Accounts Python Python Basic ransomware malware software vulnerability the hacker news Theme Blog / Magazine Theme Corporate Theme Creative Theme eCommerce Theme Free Theme Null Theme Real Estate Theme Wordpress Tool Tools Tor Tor Project’s Windows

Ads




POPULAR NEWS

  • Intro YouTube Nhan Nguyen Channel

    Intro YouTube Nhan Nguyen Channel

    0 shares
    Share 0 Tweet 0
  • Trusted Links on Dark Web update 2021

    3826 shares
    Share 0 Tweet 0
  • Hack Facebook Password 2021 100% Success in 2 minutes

    5712 shares
    Share 0 Tweet 0
  • Dark Web Scam Vendors & Markets List

    6714 shares
    Share 0 Tweet 0
  • Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

    0 shares
    Share 0 Tweet 0
  • Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

    0 shares
    Share 0 Tweet 0
  • Everything You Need to Know About Evolving Threat of Ransomware

    0 shares
    Share 0 Tweet 0
  • Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

    0 shares
    Share 0 Tweet 0
  • The truth about the dark web fraud trade

    37 shares
    Share 0 Tweet 0
  • VmWare Tutorials

    53 shares
    Share 0 Tweet 0
  • Bitcoin
  • About
  • Trusted Links
  • Advertise
  • Careers
  • Donate
  • Contact

TM + © 2013 - 2021 Hacking Tools Online Platforms .

No Result
View All Result
  • The Hacker News
  • Bitcoin
  • Tools
    • Hacking Tools
    • Ecommerce
    • Social Network
    • Tools Free
  • Downloads
    • Software
    • Tools Free
    • Mobile Apps
    • Scripts
    • Envato Free
    • Plugins
    • Themes & Templates
    • Free Online Courses
  • Tutorial
  • Video
  • Dark Web
  • Blog
  • Donate Us
  • Contact Us

TM + © 2013 - 2021 Hacking Tools Online Platforms .

0
0
Would love your thoughts, please comment.x
()
x
| Reply