(Reuters) – A second hacking group, separate from the alleged Russian team now associated with the main SolarWinds data breach, also targeted the company’s products earlier this year, according to a Microsoft security research blog.
“Investigation of the entire SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product, but which has been determined to be probably unrelated to that compromise and used by another threat actor,” the blog said.
Security experts told Reuters that this second effort is known as “SUPERNOVA.” It is malware that mimics SolarWinds’ Orion product, but is not “digitally signed” like the other attack, suggesting that this second group of hackers did not share access to the network management company’s internal systems.
It is unclear whether SUPERNOVA has been deployed against any target, such as SolarWinds customers. The malware appears to have been created in late March, based on a review of file compilation times.
The new finding shows how more than one sophisticated hacking group viewed SolarWinds, an Austin, Texas-based company that until this month was not a well-known name, as a major gateway to penetrating other targets.
In a statement, a SolarWinds spokesman did not address SUPERNOVA, but said the company “remains focused on collaborating with customers and experts to share information and work to better understand the issue.”
“The first days of the investigation are still underway,” the spokesman said.
Reporting by Christopher Bing; Editing by Daniel Wallis