Microsoft identifies second hacking group affecting SolarWinds software

Microsoft revealed that a second hacking group had deployed malicious code that affects software made by SolarWinds, the federal contractor at the center of a suspected Russian espionage campaign against multiple U.S. government agencies.

“[T]he investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor,” a Microsoft research team said in a blog post on Friday.

The discovery underscores the extent to which Texas-based SolarWinds, whose software is used throughout Fortune 500 companies, is a valuable target for hackers.

The newly revealed malware, known to researchers as Supernova, differs from the alleged Russian tampering because it does not appear to involve a compromise of the supply chain, Microsoft said. The Supernova code does, however, allow an attacker to send and execute a malicious program on the victim’s device, Microsoft said.