A second hacking team targeted SolarWinds at the time of the major breach

FILE PHOTO: A SolarWinds sign can be seen outside the headquarters in Austin, Texas, USA, December 18, 2020. REUTERS / Sergio Flores

(Reuters) – A second hacking group, distinct from the suspected Russian team now associated with SolarWinds’ major data breach, also targeted the company’s products earlier this year, according to a Microsoft security research blog.

“The investigation of the entire SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product, but has been determined to be unlikely to be related to this compromise and is being used by another threat actor,” the blog said.

Security experts told Reuters this second effort is known as “SUPERNOVA.” It is a piece of malware that mimics SolarWinds’ Orion product, but it is not “digitally signed” like the other attack, suggesting that this second group of hackers did not share access to the network management company’s internal systems.

It is unclear whether SUPERNOVA has been used against targets such as SolarWinds customers. The malware appears to have been created in late March, based on an assessment of the file’s compilation times.

The new finding shows how more than one sophisticated hacking group saw SolarWinds, an Austin, Texas-based company that was not a household name until this month, as a key gateway to other targets.

In a statement, a SolarWinds spokesperson did not address SUPERNOVA, but said the company “remains focused on working with customers and experts to share information and better understand this issue.”

“It remains the first days of the investigation,” said the spokesman.

Reporting by Christopher Bing; Editing by Daniel Wallis
