The SolarWinds cyberattack was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure. Microsoft called the threat actor behind the campaign “skillful and methodic operators who follow OpSec best practices to minimize traces, stay under the radar, and avoid detection.” RiskIQ said it identified an additional set of 18 servers with high confidence that likely communicated with secondary Cobalt Strike payloads delivered via the TEARDROP and RAINDROP malware, representing a 56% jump in the attacker’s known command-and-control footprint.
Source: https://thehackernews.com/2021/04/researchers-find-additional.html