Symantec recently provided analysis on the two types of malware that were used in the SolarWinds hack.
We have all heard about the SolarWinds Malware Hack and how it compromised companies worldwide. The attack didn’t just affect small companies, but government agencies and tech companies like Microsoft and FireEye.
The SolarWinds “Sunburst” Backdoor affected around 18,000 organisations in Spring last year.
After the widespread attack “hackers” selected specific, high-value targets to further infiltrate to gain access to their data.
This further attack was discovered in December 2020 and has been identified as “Raindrop”. The Raindrop loader allowed hackers to install software known as “Cobalt Strike”, which is a commercially available penetration-testing tool that can detect weak points in any network. When used for its intended purpose, Cobalt Strike simulates an attack on a network to identify weak points and vulnerabilities that need to be patched. Hackers have since figured out how to turn it against networks to spread through an environment, exfiltrate data, deliver malware and more.
Symantec observed the malware being used on different victim computers:
- The first was a high-value target: a computer with access-and-management software installed. That management software could be used to access any of the other computers in the compromised organisation’s network.
- On the second victim, Raindrop installed Cobalt Strike and then executed PowerShell commands intended to install further instances of Raindrop on additional computers in the organisation.
It is important to ensure your IT Environments are protected from A to Z, and to have a solution in place that will be able to defend against attacks such as Sunburst and Raindrop.
Please speak to your Account Manager today to ensure you and your customers are fully protected.