Another hacking group, different from the suspected Russian team now associated with the important SolarWinds data breach, also targeted the organization’s products earlier this season, according to a safety research site by Microsoft.
“The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor,” the blog said.
Security specialists told journalists at our partner news agency Reuters this second attempt is known as “SUPERNOVA.” It’s a piece of malware that reproduces SolarWinds’ Orion product but it is not “digitally signed” like the other attack, suggesting this second group of hackers did not share access to the network management company’s internal systems.
It is unclear whether SUPERNOVA has been deployed against any targets, such as customers of SolarWinds. The malware appears to have been created in late March, based on a review of the file’s compile times.
The new finding shows how more than one sophisticated hacking group viewed SolarWinds, an Austin, Texas-based company that was not a household name until this month, as an important gateway to penetrate other targets.
In a statement, a SolarWinds spokesman did not address SUPERNOVA, but said the company “remains focused on cooperating with customers and specialists to share information and work to better understand this matter.”
“It remains early days of this investigation,” the spokesman said.
The team at Platform Executive hope you have enjoyed the ‘[post_title]’ article. Initial reporting via our official content partners at Thomson Reuters. Reporting by Christopher Bing. Editing by Daniel Wallis.
Stay on top of the latest developments across the platform economy and gain access to our problem-solving tools, proprietary databases and content sets by becoming a member of our community. For a limited time, premium subscription plans start from just $16 per month.