A ‘different threat actor’ may be responsible for the malware known as Supernova that has been found installed in SolarWinds Orion.
An investigation suggests that more than one group has installed a malicious backdoor into the SolarWinds Orion network monitoring platform, with the malware apparently “unrelated” to the initial supply chain compromise, Microsoft disclosed.
In a blog post by the Microsoft 365 Defender Research Team, the company reported that a “different threat actor” appears to be responsible for installing the malware that some researchers have referred to by the name Supernova.
The revelation that a second group may have succeeded at breaching SolarWinds obviously makes the situation even more troubling, said Dave Mahoney, enterprise services architect at Blue Bell, Pa.-based Anexinet, No. 212 on CRN’s Solution Provider 500.
While an often-repeated maxim about security is that there are two types of companies—those who’ve been hacked, and those who’ve been hacked but don’t know it yet—SolarWinds actually falls into both categories right now, Mahoney said.
“If there’s one [backdoor] in there, that’s one thing. But now that there’s two—and somebody else is finding these things and not them–that shows a significant lack of control as far as I’m concerned,” he told CRN on Monday. “If there are two, could there be more? Sure.”
Ultimately, for SolarWinds, “I think they need to start having some very serious forensic analysis done of their network and perimeter security. And they need to start taking a look at what they can do to get their development operations tightened up and secure,” Mahoney said.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
|cookielawinfo-checbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.