Second hacking group suspected in massive SolarWinds attack

There may be another group of hackers at work in the wake of the devastating SolarWinds attack.

A Microsoft blog hints at a second hacking attempt not related to the initial hack of the SolarWinds software. 

In that first attack, described as a “supply chain” hack, Russian actors hacked software updates for the popular network monitoring tool SolarWinds Orion. As a result, multiple government agencies were breached. A number of Big Tech companies have also installed SolarWinds software, including Cisco, Intel and VMware, according to The Wall Street Journal.

“In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of an additional malware,” Microsoft said in the post.

In all, the attack could have impacted as many as 18,000 of SolarWinds’ customers, the company said. 

Despite the second attack going after SolarWinds’ Orion product, Microsoft determined it is “likely unrelated to this compromise and used by a different threat actor,” widely assumed to be another cybercriminal organization. 

In the blog post, Microsoft described the additional malware discovered as “a small persistence backdoor in the form of a DLL file,” referring to a Dynamic Link Library. Files with a “.DLL” extension are commonly found in Windows.

Unlike the original attack, “this malicious DLL does not have a digital signature, which suggests that this may be unrelated” to the first attack, Microsoft explained.

Redmond, Wash.-based Microsoft has not identified the malware by name, but an analysis by security researchers at Palo Alto Networks refers to it as “Supernova.”

There’s been some confusion because security researchers thought that Supernova was possibly tied to the first attack, according to ZDNet. However, the news outlet reported that this is not the case, citing a follow-up analysis from Microsoft’s security teams. The upshot is that companies that have SolarWinds with Supernova need to handle it as a separate attack.

Experts believe there is more to be uncovered about the attacks and how widespread they were. 

“There is still much we don’t know, including exactly how the supply chain hack was accomplished, what other vectors were used besides SolarWinds, how many victims were impacted, what the adversary’s objectives were and what information they were able to obtain, what they will do with that information, and more,” Suzanne Spaulding, advisor to Nozomi Networks and former DHS undersecretary of cyber and infrastructure, said in a statement sent to Fox News. “Removing this threat will be a battle. This is not an adversary that runs away once detected. They will fight to maintain a persistent presence, even returning once booted out.” 

Fox News has contacted SolarWinds for comment.
