A second hacking group has targeted SolarWinds systems

December 21, 2020 – Article posted on ZDNET

As forensic evidence is slowly being unearthed in the aftermath of the SolarWinds supply chain attack, security researchers have discovered a second threat actor that has exploited the SolarWinds software to plant malware on corporate and government networks.

Details about this second threat actor are still scarce, but security researchers don’t believe this second entity is related to the suspected Russian government-backed hackers who breached SolarWinds to insert malware inside its official Orion app…

…But in the first few days following the public disclosure of the SolarWinds hack, initial reports mentioned two second-stage payloads.

Reports from GuidePoint, Symantec, and Palo Alto Networks detailed how attackers were also planting a .NET web shell named Supernova.

Read more at ZDNET.