- Security researchers have identified nearly 200 victims of SUNBURST attack
- Malware was downloaded by 18,000 groups but only activated on a handful
- So far most victims are government agencies, tech companies and contractors
- Nine-month espionage campaign gave hackers untold access to secrets
- Now second backdoor has been discovered in compromised SolarWinds code
- Microsoft researchers dub it SUPERNOVA and say it it likely from a second team
- Mike Pompeo attributed the more damaging SUNBURST attack to Russia
- Trump broke his silence to contradict Pompeo and insists China may be to blame
- Expert tells DailyMail.com: ‘Cyber attribution is exceptionally complex’
- The attack has been described as the cyber equivalent of Pearl Harbor
- Experts say the extent of the information stolen may never be known
Microsoft researchers say a second unidentified hacking team installed a backdoor in the same SolarWinds network software that facilitated a massive cyber espionage campaign, as the number of victims in the attack rose to 200.
The second backdoor, dubbed SUPERNOVA by security experts, appears distinct from the SUNBURST attack that has been attributed to Russia, raising the possibility that multiple adversaries were attempting parallel attacks, perhaps unbeknownst to each other.
It comes after President Donald Trump contradicted members of his own administration to suggest that China may be behind the sprawling attack, which compromised key federal agencies.
‘The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor,’ Microsoft said in a security blog on Friday.
The second backdoor is a piece of malware that imitates SolarWinds’ Orion product but it is not ‘digitally signed’ like the other attack, suggesting this second group of hackers did not share the same access to the network management company’s internal systems.