Second SolarWinds Attack Group Breaks into USDA Payroll — Report
2021-02-03 21:22

There had been hints that a second group of malicious actors may have exploited a SolarWinds bug to install the Supernova backdoor - notably, there was a conclusion by Microsoft back in December that this was the case.

That original effort used trojanized software updates for the SolarWinds Orion network-management platform to disseminate the Sunburst malware to SolarWinds customers in a supply-chain attack.

"The first was a malicious, unsigned webshell DLL, 'app_web_logoimagehandler.ashx.b6031896.dll,' specifically written to be used on the SolarWinds Orion platform. The second is the utilization of a vulnerability in the Orion platform to enable deployment of the malicious code. This vulnerability in the Orion platform has been resolved in the latest updates."

First, a USDA spokesman told Reuters, "USDA has notified all customers whose data has been affected by the SolarWinds Orion code compromise."

After Reuters published its story, it was updated with a follow-up statement from USDA correcting its earlier response, adding "There was no data breach related to SolarWinds."

USDA's hack brings the tally of compromised federal agencies related to SolarWinds to at least seven.


News URL

https://threatpost.com/second-solarwinds-attack-group-usda-payroll/163635/

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Solarwinds | | 56 | 33 | 101 | 81 | 50 | 265 |