A second hacking team was targeting SolarWinds at the time of the major breach

FILE PHOTO: A SolarWinds sign is seen outside its headquarters in Austin, Texas, USA, December 18, 2020. REUTERS / Sergio Flores

(Reuters) – A second hacking group, different from the alleged Russian team now associated with the main SolarWinds data breach, also targeted the company’s products earlier this year, according to a security research blog from Microsoft.

“The investigation of the entire SolarWinds compromise has led to the discovery of additional malware that also affects the SolarWinds Orion product, but it has been established that it is probably unrelated to this compromise and is being used by another threat actor,” the blog said.

Security experts told Reuters that this second effort is known as “SUPERNOVA”. It is malware that mimics SolarWinds’ Orion product, but it is not “digitally signed” like the other attack, suggesting that this second group of hackers does not have access to the company’s network management systems.

It is unclear whether SUPERNOVA was deployed against targets such as SolarWinds customers. The malware appears to have been created in late March, based on a review of file compilation times.

The new discovery shows how more than one sophisticated hacking group saw SolarWinds, a company in Austin, Texas, that was not a household name until this month, as an important gateway to penetrating other targets.

In a statement, a SolarWinds spokesman did not address SUPERNOVA, but said the company “remains focused on working with customers and experts to share information and work to better understand the issue.”

“The first days of the investigation remain,” the spokesman said.

Reporting by Christopher Bing; Editing by Daniel Wallis
