“The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor,” the blog said.
Security experts told Reuters this second effort is known as “SUPERNOVA.” It is a piece of malware that imitates SolarWinds’ Orion product, but unlike the malware used in the other attack it is not “digitally signed,” suggesting this second group of hackers did not share access to the network management company’s internal systems.
Why aren’t we hearing about that? We only hear about Russia! Russia! Russia! Were the second team of hackers Russians? Why don’t we know?
Does it matter who hacks? China and Iran are also targeting us. They are all bad actors.
"While malicious, SUPERNOVA has not been currently tied to the UNC2452 SolarWinds compromise"
Compile time: 2020-03-24 09:16:10
— Chris Bing (@Bing_Chris) December 19, 2020