A second and unrelated hacking group was likely involved in the massive SolarWinds breach, according to Microsoft.
The investigation into the digital compromise led to the discovery of “an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise,” according to a blog post by Microsoft published on Friday. The company noted that the malware was likely “used by a different threat actor.”
The investigation by Microsoft revealed that the second and different hack did not have a “digital signature,” unlike the hack disclosed last week, which has been attributed to Russia by many government and intelligence officials.
SolarWinds, a third-party software contractor, announced last week that its systems had been compromised by hackers who managed to penetrate the company’s Orion software updates and distribute malware to the computers of its customers.
Microsoft noted that the investigation into the original hack is still ongoing and that the full extent of the compromise has yet to be determined. However, the company found that “the addition of a few benign-looking lines of code … spelled a serious threat to organizations using the affected product, a widely used IT administration software used across verticals, including government and the security industry.”
The malicious code was inserted into the platform’s backdoor, which is composed of nearly 4,000 lines of code that “allowed the threat actor behind the attack to operate unfettered in the compromised networks.”
The Cybersecurity and Infrastructure Security Agency said the SolarWinds hack was more massive than initially presumed. The Department of Homeland Security said, “This threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”
The Office of the Director of National Intelligence, CISA, and the FBI have branded the cyberattack as “significant and ongoing.” In a joint statement, the agencies said that while they “continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government.”