Security News > 2021 > February > Second SolarWinds Attack Group Breaks into USDA Payroll — Report
There had been hints that a second group of malicious actors may have exploited a SolarWinds bug to install the Supernova backdoor - notably, there was a conclusion by Microsoft back in December that this was the case.
That original effort used trojanized software updates for the SolarWinds Orion network-management platform to disseminate the Sunburst malware to SolarWinds customers in a supply-chain attack.
"The first was a malicious, unsigned webshell DLL, 'app web logoimagehandler.ashx.b6031896.dll,' specifically written to be used on the SolarWinds Orion platform. The second is the utilization of a vulnerability in the Orion platform to enable deployment of the malicious code. This vulnerability in the Orion platform has been resolved in the latest updates."
First, a USDA spokesman told Reuters, "USDA has notified all customers whose data has been affected by the SolarWinds Orion code compromise."
After Reuters published its story, it was updated with a follow-up statement from USDA correcting its earlier response, adding "There was no data breach related to SolarWinds."
USDA's hack brings the tally of compromised federal agencies related SolarWinds to at least seven.
News URL
https://threatpost.com/second-solarwinds-attack-group-usda-payroll/163635/
Related news
- Keytronic reports losses of over $17 million after ransomware attack (source)
- DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals (source)
- CISA warns critical SolarWinds RCE bug is exploited in attacks (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)