[BreachExchange] Second hacking team was targeting SolarWinds at time of big breach

Destry Winant destry at riskbasedsecurity.com
Mon Dec 21 09:18:12 EST 2020


https://www.reuters.com/article/usa-cyber-solarwinds/second-hacking-team-was-targeting-solarwinds-at-time-of-big-breach-idINKBN28T0SZ

(Reuters) - A second hacking group, different from the suspected
Russian team now associated with the major SolarWinds data breach,
also targeted the company’s products earlier this year, according to a
security research blog by Microsoft.

“The investigation of the whole SolarWinds compromise led to the
discovery of an additional malware that also affects the SolarWinds
Orion product but has been determined to be likely unrelated to this
compromise and used by a different threat actor,” the blog said.

Security experts told Reuters this second effort is known as
“SUPERNOVA.” It is a piece of malware that imitates SolarWinds’ Orion
product but it is not “digitally signed” like the other attack,
suggesting this second group of hackers did not share access to the
network management company’s internal systems.

It is unclear whether SUPERNOVA has been deployed against any targets,
such as customers of SolarWinds. The malware appears to have been
created in late March, based on a review of the file’s compile times.
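The two indicators the article relies on, whether the binary carries a digital signature and what its compile timestamp says, are cheap to check on any Orion DLL a team has on disk. The Python below is an added example and is not code from Reuters, Microsoft or SolarWinds: it parses the PE header for the COFF TimeDateStamp and the Authenticode security directory, and runs against a constructed (non-loadable) sample header built by the helper, since no real file is on this page. Two caveats a practitioner should keep in mind: the presence of a certificate blob only shows that something was attached, not that the signature verifies against a trusted chain (use `signtool verify /pa` or `Get-AuthenticodeSignature` for that), and the compile timestamp is a plain field the attacker can set to anything.

```python
import struct
from datetime import datetime, timezone

# Offsets and values from the PE/COFF specification
IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # data directory holding the Authenticode blob
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def build_sample_pe(timestamp: int, signed: bool) -> bytes:
    """Construct a minimal PE32+ header for testing (synthetic data, not a real binary)."""
    e_lfanew = 64
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    num_dirs = 16
    opt_size = 112 + num_dirs * 8                       # PE32+ optional header size
    # Machine=AMD64, 0 sections, TimeDateStamp, no symbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664, 0, timestamp, 0, 0, opt_size, 0x2022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<I", opt, 108, num_dirs)          # NumberOfRvaAndSizes
    header = dos + b"PE\x00\x00" + coff + bytes(opt)
    if not signed:
        return header
    # Append a WIN_CERTIFICATE (dwLength, wRevision, wCertificateType, body);
    # the body is a placeholder, not a real PKCS#7 SignedData structure.
    body = b"<placeholder PKCS#7 SignedData>"
    cert = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
    hdr = bytearray(header)
    # The security directory stores a raw file offset (not an RVA) and a size
    sec_off = e_lfanew + 4 + 20 + 112 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    struct.pack_into("<II", hdr, sec_off, len(header), len(cert))
    return bytes(hdr) + cert


def inspect_pe(data: bytes) -> dict:
    """Return the compile timestamp and whether an Authenticode blob is attached."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature")
    coff_off = e_lfanew + 4
    machine, _, ts, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic == PE32_MAGIC:
        ndirs_off, dir_base = 92, 96
    elif magic == PE32PLUS_MAGIC:
        ndirs_off, dir_base = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (ndirs,) = struct.unpack_from("<I", data, opt_off + ndirs_off)
    result = {
        "machine": machine,
        "compile_time": datetime.fromtimestamp(ts, tz=timezone.utc),
        "signed": False,          # True only if a PKCS#7 blob is attached; not verified here
        "cert_type": None,
    }
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off = opt_off + dir_base + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
        cert_off, cert_len = struct.unpack_from("<II", data, sec_off)
        # Guard against truncated files or bogus directory entries
        if cert_off and cert_len >= 8 and cert_off + cert_len <= len(data):
            dw_len, _rev, ctype = struct.unpack_from("<IHH", data, cert_off)
            result["cert_type"] = ctype
            result["signed"] = ctype == WIN_CERT_TYPE_PKCS_SIGNED_DATA and dw_len <= cert_len
    return result


if __name__ == "__main__":
    # 1585008000 is 2020-03-24T00:00:00Z, a late-March stamp like the one the article describes
    for label, sample in (("signed", build_sample_pe(1585008000, True)),
                          ("unsigned", build_sample_pe(1585008000, False))):
        info = inspect_pe(sample)
        print(f"{label:9s} compiled={info['compile_time'].isoformat()} "
              f"authenticode_blob={info['signed']} cert_type={info['cert_type']}")
```

On a real triage pass you would read each `SolarWinds.Orion.*.dll` from disk, feed it to `inspect_pe`, and treat any module with no blob, or a timestamp that does not match the vendor's release, as a candidate for full signature verification and hash comparison against a known-good install.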

The new finding shows how more than one sophisticated hacking group
viewed SolarWinds, an Austin, Texas-based company that was not a
household name until this month, as an important gateway to penetrate
other targets.

In a statement, a SolarWinds spokesman did not address SUPERNOVA, but
said the company “remains focused on collaborating with customers and
experts to share information and work to better understand this
issue.”

“It remains early days of the investigation,” the spokesman said.

