Second hacking group suspected in massive SolarWinds attack

There may be another group of hackers at work in the wake of the devastating SolarWinds attack.

A Microsoft blog hints at a second hacking attempt not related to the initial hack of the SolarWinds software. 

In that first attack, described as a “supply chain” hack, Russian actors hacked software updates for the popular network monitoring tool SolarWinds Orion. As a result, multiple government agencies were breached. A number of Big Tech companies have also installed SolarWinds software, including Cisco, Intel and VMware, according to The Wall Street Journal.

“In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of an additional malware,” Microsoft said in the post.

In all, the attack could have impacted as many as 18,000 of SolarWinds’ customers, the company said. 

Despite the second attack going after SolarWinds’ Orion product, Microsoft determined it is “likely unrelated to this compromise and used by a different threat actor,” widely assumed to be another cybercriminal organization. 

In the blog post, Microsoft described the additional malware discovered as “a small persistence backdoor in the form of a DLL file,” referring to a Dynamic Link Library. Files with a “.DLL” extension are commonly found in Windows.

Unlike the original attack, “this malicious DLL does not have a digital signature, which suggests that this may be unrelated” to the first attack, Microsoft explained.

Redmond, Wash.-based Microsoft has not identified the malware by name, but analysis by security researchers at Palo Alto Networks refers to it as “Supernova.”

There’s been some confusion because security researchers thought that Supernova was possibly tied to the first attack, according to ZDNet. However, the news outlet reported that this is not the case, citing a follow-up analysis from Microsoft’s security teams. The upshot is that companies that have SolarWinds with Supernova need to handle it as a separate attack.

Experts believe there is more to be uncovered about the attacks and how widespread they were. 

“There is still much we don’t know, including exactly how the supply chain hack was accomplished, what other vectors were used besides SolarWinds, how many victims were impacted, what the adversary’s objectives were and what information they were able to obtain, what they will do with that information, and more,” Suzanne Spaulding, advisor to Nozomi Networks and former DHS undersecretary of cyber and infrastructure, said in a statement sent to Fox News. “Removing this threat will be a battle. This is not an adversary that runs away once detected. They will fight to maintain a persistent presence, even returning once booted out.” 

Fox News has contacted SolarWinds for comment.
