Supernova Malware, Russia second group of hackers targeting SolarWinds

A second hacking team targeted SolarWinds at the time of a significant breach.

The other assault was not "digitally signed"

According to a security research blog published by Microsoft, a second hacking group, separate from the alleged Russian team now involved in the key SolarWinds data breach, also attacked the company's products earlier this year.


"The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor," said the blog.

Security experts told Reuters that this second attempt is "SUPERNOVA."

It is a piece of malware that imitates SolarWinds' Orion product, but it is not "digitally signed." This second group of hackers has refused to share access to internal networks of a network management company.

It is not clear whether SUPERNOVA was actually deployed, for example against SolarWinds customers.

The malware appears to have been created at the end of March, based on an analysis of the code's compile times.

The new findings show that SolarWinds, a Texas-based business that until that month had not been a household name, was seen by more than one sophisticated hacking group as an effective way to achieve other objectives.

A SolarWinds spokesman did not discuss SUPERNOVA, but said the company "remains focused on collaborating with customers and experts to share information and work to better understand this issue."

"It remains early days of the investigation," said the spokesman.
