Date: 2020-12-23

While a major cyber attack by Russian hackers hit the Orion software developed by the American company SolarWinds, Microsoft stated in a blog post that a second group of hackers had also targeted the platform.

A very big attack

This is one of the most important cyber espionage cases of all time. It was identified on December 12th by the cybersecurity firm FireEye. To carry it out, the hackers incorporated code into an update to Orion, management software intended for professionals and used by very big names in the industry, including several CAC 40 companies and many US government agencies. Across the Atlantic, finance, energy, trade and national security departments are among the victims of this malware. It gave hackers access to a lot of sensitive information, and it is still difficult to quantify the real impact of the cyberattack, called Sunburst.

In the meantime, companies such as Microsoft, Nvidia, Cisco, Intel, Belkin and VMware have reported that computers in their networks have also been infected. SolarWinds claimed there were fewer than 18,000 victims, which is still a very high number, especially considering who is among them. And now a revelation from Microsoft is getting a little closer to the Austin, Texas-based company.

Orion infected with a second malware

A second group of hackers, the origin of which is not yet known, also targeted SolarWinds: “The investigation of the entire compromised SolarWinds file has revealed additional malware that also affects the SolarWinds product Orion, which was found to be unlikely to be linked to this attack and was used by another actor,” states the Redmond company.

This malware, called Supernova and created in late March, behaves differently and is less dangerous than Sunburst. It mimics but is not “digitally signed”, suggesting that this second group did not share access to the company’s internal systems like the Russian hackers did. Even if the risk is lower, this other malware means that SolarWinds’ security systems have been fooled twice.