Microsoft has identified a second hacking group, which the company claims installed backdoors on US-based network software but was different from the alleged Russian team of hackers.
"The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor", Microsoft said in a security blog on Saturday.
Reuters cited unnamed security experts as saying the second backdoor is dubbed "SUPERNOVA", a piece of malware that imitates the Orion product but is not "digitally signed" like the other attack. The SUPERNOVA malware was reportedly created last March, and it remains unclear whether it targeted SolarWinds' customers.
A SolarWinds spokesperson, in turn, did not mention SUPERNOVA in a statement on Saturday, only saying that the company "remains focused on collaborating with customers and experts to share information and work to better understand this issue".
"It remains early days of the investigation", the spokesperson added.
The statement came after reports emerged earlier this week that hundreds of US federal government entities and companies had been targeted in a massive hack attack.
The Washington Post reported that a hacking group called APT29, also known as "the Dukes" or "Cozy Bear", allegedly linked to the Russian government, was likely behind the hacking, but provided no proof of its claims.
US President Donald Trump on Saturday broke his lengthy silence about the breach, suggesting that China may have been responsible.
....discussing the possibility that it may be China (it may!). There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA. @DNI_Ratcliffe @SecPompeo — Donald J. Trump (@realDonaldTrump) December 19, 2020
"Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!)", Trump noted in a tweet.
This was preceded by Secretary of State Mike Pompeo accusing "the Russians" of making "a significant effort to use a piece of third-party software to essentially embed code inside of US government systems".
Moscow rejected the accusations, noting that no evidence had been provided to back up the claims of "Russian hackers" attacking the computer systems.
Putin Takes Jab at US Special Services Over 'Russian Hacker' Rumours
The issue was also mentioned by Russian President Vladimir Putin during his annual press conference that was held on Thursday. He suggested the anonymous sources behind the reports of "Russian hackers" are, in fact, the US Department of State and American intelligence agencies.
Last year, a probe conducted by then-US Special Counsel Robert Mueller found that there was no collusion between Trump and Russia ahead of the election.
Putin stressed that the publication of such accusations is a type of "revenge" and an attempt to influence public opinion in Russia, as well as a pretext to further worsen the already strained relations between Moscow and Washington.