r2d2
Posted December 22, 2020

A Microsoft blog hints at a second hacking attempt not related to the initial hack of the SolarWinds software.

In that first attack, Russian actors hacked software updates for popular network monitoring tool SolarWinds Orion, described as a "supply chain" hack. As a result, multiple government agencies were breached. A number of Big Tech companies have also installed SolarWinds software, including Cisco, Intel and VMware, according to The Wall Street Journal.

"In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of an additional malware," Microsoft said in the post. In all, the attack could have impacted as many as 18,000 of SolarWinds' customers, the company said.

Despite the second attack going after SolarWinds' Orion product, Microsoft determined it is "likely unrelated to this compromise and used by a different threat actor," widely assumed to be another cybercriminal organization.

In the blog post, Microsoft described the additional malware discovered as "a small persistence backdoor in the form of a DLL file," referring to a Dynamic Link Library. Files with a ".DLL" extension are commonly found in Windows.