SolarWinds: it’s the hack that keeps on growing. On Monday, researchers announced the discovery of yet another malware strain used by foreign hackers to infiltrate a wide milieu of American government agencies and companies.
Cybersecurity firm Symantec has reported its discovery of “Raindrop,” a “loader” (a remote access tool) that was responsible for delivering a Cobalt Strike beacon payload (a post-compromise agent that hackers use to stealthily penetrate deeper into a victim’s network). With Raindrop, the hackers were able to set up shop in a select number of target computers in order to conduct surveillance, researchers said.
This latest discovery brings the total number of SolarWinds-related malware to four. Between this and the three other known strains (Teardrop, Sunspot, and Sunburst), security researchers are surely running out of monikers that sound like the names of bad prog-rock bands.
Also revealed Tuesday was yet another apparent victim in the ongoing cyber nightmare: Malwarebytes, a cybersecurity and anti-malware software company, which reported that the same hackers who have wreaked so much havoc elsewhere appear to have also accessed their internal emails.
Malwarebytes, which sells a variety of anti-malware and endpoint security products, claims that hackers which exhibited the same “tactics and techniques” used by the SolarWinds bad guys breached their company’s emails. These hackers “only gained access to a limited subset of internal company emails,” the company claims, and officials say they have “found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.”
These are the latest updates in the alarming, seemingly unending tale of SolarWinds: America’s largest cyberattack ever, a supply chain breach in which, among other things, hackers infiltrated the titular software company and used its popular IT management software, Orion, to infiltrate myriad federal agencies. Such inconsequential entities as the Department of Defense, the DOJ, the U.S. State Department, the Department of Energy, and the federal agency responsible for maintaining our stockpile of nuclear weapons have all been involved.
The U.S. government has tentatively blamed this whole mess on “Russian hackers,” the specific grouping of which others have speculated is APT 29, otherwise known as “Cozy Bear.”