Security researchers have found a second hack in the SolarWinds Orion software. The hack is less advanced and, according to the researchers, was carried out by a different group.
The second hack, which has been given the name Supernova, is a .NET web shell, ZDNet writes. Attackers used it to download, compile and execute malicious PowerShell scripts on infected computers. Initially, researchers thought it was part of the other SolarWinds hack, but further analysis by Microsoft showed it to be a stand-alone attack.
Just like the Sunburst hack, Supernova disguised itself as a DLL file in the Orion application. Unlike Sunburst, Supernova’s DLL file is not digitally signed by SolarWinds. This strongly suggests that it is another, less advanced attack.
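The signing difference described above lends itself to a quick triage check on an Orion server. The PowerShell below is an added example, not code from the article, SolarWinds or Microsoft; the function name, the `<ORION_INSTALL_DIR>` placeholder and the `*SolarWinds*` publisher pattern are assumptions to adjust for the host being examined.

```powershell
# Added example: classify every DLL under a directory by Authenticode state.
# $Path and $PublisherPattern are assumptions, not values taken from the article.
function Get-DllSignatureTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $PublisherPattern = '*SolarWinds*'
    )

    Get-ChildItem -LiteralPath $Path -Filter *.dll -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig     = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $status  = $sig.Status.ToString()
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

            # Unsigned            -> the case the article describes for Supernova
            # InvalidSignature    -> signed, but the signature fails validation (tampered, untrusted, ...)
            # OtherPublisher      -> valid signature from a different vendor (often a bundled library)
            # ExpectedPublisher   -> valid signature whose subject matches the pattern
            $verdict =
                if     ($status -eq 'NotSigned')           { 'Unsigned' }
                elseif ($status -ne 'Valid')               { 'InvalidSignature' }
                elseif ($subject -like $PublisherPattern)  { 'ExpectedPublisher' }
                else                                       { 'OtherPublisher' }

            [pscustomobject]@{
                Verdict      = $verdict
                Status       = $status
                Signer       = $subject
                LastWriteUtc = $_.LastWriteTimeUtc
                SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                File         = $_.FullName
            }
        }
}

# Usage (placeholder path): list everything that is not validly signed by the expected publisher.
# Get-DllSignatureTriage -Path '<ORION_INSTALL_DIR>' |
#     Where-Object Verdict -ne 'ExpectedPublisher' |
#     Sort-Object Verdict, LastWriteUtc |
#     Format-Table Verdict, Status, LastWriteUtc, File -AutoSize
```

A clean result here only rules out the unsigned-DLL case; Sunburst, which the article contrasts with Supernova on exactly this point, would not be caught by a signature check.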
Companies that have fallen victim to this new attack are advised to consider it as a stand-alone attack. The earlier hack, in which some versions of SolarWinds Orion were infected with the Sunburst code, has little to do with it.
Various organisations have fallen victim to Sunburst. These include a large number of US government agencies and hundreds of companies on the US Fortune 500 list. A total of some 18,000 computers were infected with the code. It is not known what kind of damage the Supernova code has caused. Microsoft was also hit by the SolarWinds hack.