Microsoft: A 2nd Group May Have Also Breached SolarWinds

A ‘different threat actor’ may be responsible for the malware known as Supernova that has been found installed in SolarWinds Orion.

An investigation suggests that more than one group has installed a malicious backdoor into the SolarWinds Orion network monitoring platform, with the malware apparently “unrelated” to the initial supply chain compromise, Microsoft disclosed.

In a blog post by the Microsoft 365 Defender Research Team, the company reported that a “different threat actor” appears to be responsible for installing the malware that some researchers have referred to by the name Supernova.

The revelation that a second group may have succeeded at breaching SolarWinds obviously makes the situation even more troubling, said Dave Mahoney, enterprise services architect at Blue Bell, Pa.-based Anexinet, No. 212 on CRN’s Solution Provider 500.

While an often-repeated maxim about security is that there are two types of companies—those who’ve been hacked, and those who’ve been hacked but don’t know it yet—SolarWinds actually falls into both categories right now, Mahoney said.

“If there’s one [backdoor] in there, that’s one thing. But now that there’s two—and somebody else is finding these things and not them–that shows a significant lack of control as far as I’m concerned,” he told CRN on Monday. “If there are two, could there be more? Sure.”

Ultimately, for SolarWinds, “I think they need to start having some very serious forensic analysis done of their network and perimeter security. And they need to start taking a look at what they can do to get their development operations tightened up and secure,” Mahoney said.

Read the full article at CRN.com »

Have industry news sent right to your Inbox

Name

Email*

Comments

This field is for validation purposes and should be left unchanged.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Microsoft: A 2nd Group May Have Also Breached SolarWinds

Lack Of Monitoring In SolarWinds Hack Is ‘Scary’

CRN Honors 3 Anexinet Next-Gen Solution Provider Leaders