Second hacking team was targeting SolarWinds at time of big breach

The SolarWinds logo is seen outside its headquarters in Austin, Texas, U.S., December 18, 2020. REUTERS/Sergio Flores

(Reuters) - A second hacking group, different from the suspected Russian team now associated with the major SolarWinds data breach, also targeted the company’s products earlier this year, according to a security research blog by Microsoft.

“The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor,” the blog said.

Security experts told Reuters this second effort is known as “SUPERNOVA.” It is a piece of malware that imitates SolarWinds’ Orion product but, unlike the malware used in the other attack, it is not “digitally signed,” suggesting this second group of hackers did not share access to the network management company’s internal systems.

It is unclear whether SUPERNOVA has been deployed against any targets, such as customers of SolarWinds. The malware appears to have been created in late March, based on a review of the file’s compile times.

The new finding shows how more than one sophisticated hacking group viewed SolarWinds, an Austin, Texas-based company that was not a household name until this month, as an important gateway to penetrate other targets.

In a statement, a SolarWinds spokesman did not address SUPERNOVA, but said the company “remains focused on collaborating with customers and experts to share information and work to better understand this issue.”

“It remains early days of the investigation,” the spokesman said.

Reporting by Christopher Bing; Editing by Daniel Wallis