Russia-Linked Hack Spread Via New Malware, Security Experts Say

Suspected Russian hackers used a previously unknown piece of malware called “Raindrop” in the SolarWinds cyberattack, potentially infecting more computer systems than had been thought, according to digital security firm Symantec.

It’s the latest information to emerge about the sprawling hack that sent shock waves through the U.S. government and business world last month.

Raindrop “was used against a select number of victims that were of interest to the attackers,” according to a blog post by a team headed by Eric Chien, the technical director at Symantec, which is a unit of Broadcom Inc.

Symantec has not found evidence that Raindrop was delivered through the trojanized SolarWinds software, so computer systems showing no sign of SolarWinds software or the malware it delivered could still be victims of the attack, according to Chien. He said the hackers likely used credentials stolen during the SolarWinds phase of the attack to log in to other systems and deliver Raindrop, which means scoping the intrusion only by where SolarWinds software is installed would miss those hosts.

“Machines that don’t have SolarWinds could still be infected,” suggesting the hack could be larger than previously understood, said Chien. “Hopefully Raindrop is the end of the chain, but there’s no guarantee.”

©2021 Bloomberg L.P.
