Security News > 2020 > December > New Zero-Day, Malware Indicate Second Group May Have Targeted SolarWinds
A piece of malware named by researchers Supernova and a zero-day vulnerability exploited to deliver this malware indicate that SolarWinds may have been targeted by a second, unrelated threat actor.
"In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor," Microsoft said in a recent blog post mentioning Supernova.
"SUPERNOVA is not malicious code embedded within the builds of our Orion Platform as a supply chain attack. It is malware that is separately placed on a server that requires unauthorized access to a customer's network and is designed to appear to be part of a SolarWinds product," SolarWinds said in an updated advisory.
It's believed that a Russian state-sponsored threat group is behind the SolarWinds supply chain attack - although, U.S. President Donald Trump has suggested that it may have been a Chinese group.
Texas-based SolarWinds said the supply chain attack may have impacted up to 18,000 customers of its Orion product, but an analysis of the domain generation algorithm used by the Sunburst malware indicated that the attackers may have actually been interested in only a few hundred victims.