Microsoft discovers SECOND hacking team dubbed “Supernova” installed backdoor in SolarWinds software in March – as Feds say first Russian “act of war” cyber attack struck at least 200 firms and US federal agencies now

  • Security researchers have identified nearly 200 victims of SUNBURST attack
  • Malware was downloaded by 18,000 groups but only activated on a handful
  • So far most victims are government agencies, tech companies and contractors
  • Nine-month espionage campaign gave hackers untold access to secrets
  • Now second backdoor has been discovered in compromised SolarWinds code
  • Microsoft researchers dub it SUPERNOVA and say it is likely from a second team
  • Mike Pompeo attributed the more damaging SUNBURST attack to Russia 
  • Trump broke his silence to contradict Pompeo and insists China may be to blame
  • Expert tells ‘Cyber attribution is exceptionally complex’ 
  • The attack has been described as the cyber equivalent of Pearl Harbor
  • Experts say the extent of the information stolen may never be known 

Microsoft researchers say a second unidentified hacking team installed a backdoor in the same SolarWinds network software that facilitated a massive cyber espionage campaign, as the number of victims in the attack rose to 200.

The second backdoor, dubbed SUPERNOVA by security experts, appears distinct from the SUNBURST attack that has been attributed to Russia, raising the possibility that multiple adversaries were attempting parallel attacks, perhaps unbeknownst to each other.

It comes after President Donald Trump contradicted members of his own administration to suggest that China may be behind the sprawling attack, which compromised key federal agencies.

‘The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor,’ Microsoft said in a security blog on Friday.

The second backdoor is a piece of malware that imitates SolarWinds’ Orion product but it is not ‘digitally signed’ like the other attack, suggesting this second group of hackers did not share the same access to the network management company’s internal systems.

