Microsoft: A 2nd Group May Have Also Breached SolarWinds
A ‘different threat actor’ may be responsible for the malware known as Supernova that has been found installed in SolarWinds Orion.
An investigation suggests that more than one group has installed a malicious backdoor into the SolarWinds Orion network monitoring platform, with the malware apparently “unrelated” to the initial supply chain compromise, Microsoft disclosed.
In a blog post by the Microsoft 365 Defender Research Team, the company reported that a “different threat actor” appears to be responsible for installing the malware that some researchers have referred to by the name Supernova.
The revelation that a second group may have succeeded at breaching SolarWinds obviously makes the situation even more troubling, said Dave Mahoney, enterprise services architect at Blue Bell, Pa.-based Anexinet, No. 212 on CRN’s Solution Provider 500.
While an often-repeated maxim about security is that there are two types of companies—those who’ve been hacked, and those who’ve been hacked but don’t know it yet—SolarWinds actually falls into both categories right now, Mahoney said.
“If there’s one [backdoor] in there, that’s one thing. But now that there’s two—and somebody else is finding these things and not them—that shows a significant lack of control as far as I’m concerned,” he told CRN on Monday. “If there are two, could there be more? Sure.”
Ultimately, for SolarWinds, “I think they need to start having some very serious forensic analysis done of their network and perimeter security. And they need to start taking a look at what they can do to get their development operations tightened up and secure,” Mahoney said.