{"id":139694,"date":"2020-12-22T23:53:13","date_gmt":"2020-12-22T20:53:13","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/second-hacking-group-suspected-in-massive-solarwinds-attack\/"},"modified":"2020-12-22T23:53:13","modified_gmt":"2020-12-22T20:53:13","slug":"second-hacking-group-suspected-in-massive-solarwinds-attack","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/second-hacking-group-suspected-in-massive-solarwinds-attack\/","title":{"rendered":"#Second hacking group suspected in massive SolarWinds attack"},"content":{"rendered":"<p>&#8220;<strong>#Second hacking group suspected in massive SolarWinds attack<\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2020\/12\/hacker-feature.jpg?quality=90&amp;strip=all\" \/><\/p>\n<div>\n<p>There may be another group of\u00a0hackers\u00a0at work in the wake of <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.foxnews.com\/tech\/foreign-hacking-public-private-entities-breached\">the\u00a0devastating\u00a0SolarWinds attack.<\/a><\/p>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/12\/18\/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect\/\">A Microsoft\u00a0blog<\/a>\u00a0hints at a second hacking attempt not related to the initial hack of the SolarWinds software.\u00a0<\/p>\n<p>In that first attack, Russian actors hacked software updates for popular network monitoring tool SolarWinds Orion, described as a \u201csupply chain\u201d hack. As a result, multiple government agencies were breached. 
A\u00a0number of Big Tech companies have also installed SolarWinds software, including Cisco, Intel\u00a0and VMware, according to\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.wsj.com\/articles\/solarwinds-hack-victims-from-tech-companies-to-a-hospital-and-university-11608548402\">The Wall Street Journal<\/a>.<\/p>\n<p>\u201cIn an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of an additional malware,\u201d Microsoft said in the\u00a0post.<\/p>\n<p>In all, the attack could have impacted as many as 18,000 of SolarWinds\u2019 customers, the company said.\u00a0<\/p>\n<p>Despite the second attack going after SolarWinds\u2019 Orion product, Microsoft determined it is \u201clikely unrelated to this compromise and used by a different threat actor,\u201d widely assumed to be another cybercriminal organization.\u00a0<\/p>\n<p>In the blog post, Microsoft described the additional malware discovered as \u201ca small persistence backdoor in the form of a DLL file,\u201d referring to a Dynamic Link Library. Files with a \u201c.DLL\u201d extension are\u00a0commonly found in Windows.<\/p>\n<p>Unlike the original attack, \u201cthis malicious DLL does not have a digital signature, which suggests that this may be unrelated\u201d to the first attack, Microsoft explained.<\/p>\n<p>Redmond, Wash.-based Microsoft has not identified\u00a0the malware by name, but\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/unit42.paloaltonetworks.com\/solarstorm-supernova\/\">analysis\u00a0by security researchers<\/a> at Palo Alto Networks refers to it as \u201cSupernova.\u201d<\/p>\n<p>There\u2019s been some confusion because security researchers thought that Supernova was possibly tied to the first attack, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/a-second-hacking-group-has-targeted-solarwinds-systems\/\">according to\u00a0ZDNet<\/a>. 
However, the <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">news<\/a> outlet reported that is not the case, citing a follow-up analysis from Microsoft\u2019s security teams. The upshot is\u00a0companies that have SolarWinds with Supernova need to handle it as a separate attack.<\/p>\n<p>Experts believe there is more to be uncovered about the attacks and how widespread they were.\u00a0<\/p>\n<p>\u201cThere is still much we don\u2019t know, including exactly how the supply chain hack was accomplished, what other vectors were used besides SolarWinds, how many victims were impacted, what the adversary\u2019s objectives were and what information they were able to obtain, what they will do with that information, and more,\u201d Suzanne Spaulding, advisor to Nozomi Networks and former DHS undersecretary of cyber and infrastructure, said in a statement sent to Fox News. \u201cRemoving this threat will be a battle. This is not an adversary that runs away once detected. They will fight to maintain a persistent presence, even returning once booted out.\u201d\u00a0<\/p>\n<p>Fox News has contacted SolarWinds for comment.\n            <\/p><\/div>\n
<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/nypost.com\/2020\/12\/22\/second-hacking-group-suspected-in-massive-solarwinds-attack\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Second hacking group suspected in massive SolarWinds attack&#8221; There may be another group of\u00a0hackers\u00a0at work in the wake of the\u00a0devastating\u00a0SolarWinds attack. 
A Microsoft\u00a0blog\u00a0hints at a second hacking attempt not related to the initial hack of the SolarWinds software.\u00a0 In that first attack, Russian actors hacked software updates for popular network monitoring tool SolarWinds Orion, described&#8230;<\/p>\n","protected":false},"author":1,"featured_media":139695,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2020\/12\/hacker-feature.jpg?quality=90&strip=all&w=1200","fifu_image_alt":"","footnotes":""},"categories":[70897],"tags":[75857,87405,70944,4975],"class_list":["post-139694","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-malware","tag-12-22-20","tag-hackers","tag-russia"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/139694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=139694"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/139694\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/139695"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=139694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=139694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=139694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated
":true}]}}