Reuters reported on the 19th that a second hacking group, different from the suspected Russian team now associated with the major SolarWinds data breach, also targeted the company’s products earlier this year, according to a security research blog by Microsoft.
“The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor,” the blog said.
Security experts told Reuters this second effort is known as “SUPERNOVA.” It is a piece of malware that imitates SolarWinds’ Orion product but it is not “digitally signed” like the other attack, suggesting this second group of hackers did not share access to the network management company’s internal systems.
Why aren’t we hearing about that? We only hear about Russia! Russia! Russia! Were the second team of hackers Russians? Why don’t we know?
Does it matter who hacks? China and Iran are also targeting us. They are all bad actors.
https://t.co/ac4xxrLQsnhttps://t.co/8EXBMK9Lt2
"While malicious, SUPERNOVA has not been currently tied to the UNC2452 SolarWinds compromise"
Compile time: 2020-03-24 09:16:10
— Chris Bing (@Bing_Chris) December 19, 2020
Subscribe to the Daily Newsletter
