A New SolarWinds Malware Strain Is Discovered


SolarWinds: it’s the hack that keeps on growing. On Monday, researchers announced the discovery of yet another malware strain used by foreign hackers to infiltrate a wide milieu of American government agencies and companies.


Cybersecurity firm Symantec has reported its discovery of “Raindrop,” a “loader” (a remote access tool) responsible for delivering a Cobalt Strike beacon payload (a post-compromise agent that hackers use to stealthily penetrate deeper into a victim’s network). With Raindrop, the hackers were able to set up shop on a select number of target computers in order to conduct surveillance, researchers said.

This latest discovery brings the total number of known SolarWinds-related malware strains to four. Between this and the three other known strains (Teardrop, Sunspot, and Sunburst), security researchers are surely running out of monikers that sound like the names of bad prog-rock bands.

Also revealed Tuesday was yet another apparent victim in the ongoing cyber nightmare: Malwarebytes, a cybersecurity and anti-malware software company, which reported that the same hackers who have wreaked so much havoc elsewhere appear to have also accessed their internal emails.

Malwarebytes, which sells a variety of anti-malware and endpoint security products, claims that hackers who exhibited the same “tactics and techniques” used by the SolarWinds bad guys breached the company’s emails. These hackers “only gained access to a limited subset of internal company emails,” the company claims, and officials say they have “found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.”

These are the latest updates in the alarming, seemingly unending tale of SolarWinds: America’s largest cyberattack ever, a supply chain breach in which, among other things, hackers infiltrated the titular software company and used its popular IT management software, Orion, to infiltrate myriad federal agencies. Such inconsequential entities as the Department of Defense, the DOJ, the U.S. State Department, the Department of Energy, and the federal agency responsible for maintaining our stockpile of nuclear weapons have all been involved.


The U.S. government has tentatively blamed this whole mess on “Russian hackers,” the specific grouping of which others have speculated is APT 29, otherwise known as “Cozy Bear.”

Staff writer at Gizmodo

DISCUSSION

EyeBreakThings

These supply chain attacks scare the shit out of me. I’m literally looking to find a good replacement for RDCMan 2.7 (a great RDP client manager, built by Microsoft, but deprecated and I assume full of security holes) - but the Microsoft replacement product is in no way a replacement (sorry, the old ugly UI makes way more sense). But there are a bunch of perfect 3rd party tools that do everything I could want. Can I trust them? Maybe I can today, but can I after the next update? These tools are used to remotely connect to sensitive servers. Sure, I won’t use their credential manager, but what about sneaking in a keylogger?