{"id":38814,"date":"2020-12-21T16:38:18","date_gmt":"2020-12-21T16:38:18","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31868\/A-Second-Hacking-Group-Has-Targeted-SolarWinds-Systems.html"},"modified":"2020-12-21T16:38:18","modified_gmt":"2020-12-21T16:38:18","slug":"a-second-hacking-group-has-targeted-solarwinds-systems","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/","title":{"rendered":"A Second Hacking Group Has Targeted SolarWinds Systems"},"content":{"rendered":"<figure class=\"image image-original shortcode-image\"><span class=\"img aspect-set \"><img decoding=\"async\" src=\"https:\/\/zdnet2.cbsistatic.com\/hub\/i\/2019\/06\/18\/09ca6d5b-3006-4804-8b08-15415c031124\/this-datastealing-malware-has-returned-w-5d078bf42f64e300ed7869b6-1-jun-18-2019-22-01-27-poster.jpg\" class alt=\"this-datastealing-malware-has-returned-w-5d078bf42f64e300ed7869b6-1-jun-18-2019-22-01-27-poster.jpg\"><\/span><figcaption><span class=\"caption\"><\/span><\/figcaption><\/figure>\n<p>As forensic evidence is slowly being unearthed in the aftermath of the SolarWinds supply chain attack, security researchers have discovered a second threat actor that has exploited the SolarWinds software to plant malware on corporate and government networks.<\/p>\n<p>Details about this second threat actor are still scarce, but security researchers don&#8217;t believe this second entity is related to the suspected Russian government-backed hackers who breached SolarWinds to insert malware inside its official Orion app.<\/p>\n<p>The malware used in the original attack, codenamed Sunburst (or Solorigate), was delivered to SolarWinds customers as a boobytrapped update for the Orion app.<\/p>\n<p>On infected networks, the malware would ping its creators and then download a second-stage backdoor trojan named Teardrop that allowed attackers to start a hands-on-keyboard session, also known as a 
human-operated attack.<\/p>\n<figure class=\"image image-original shortcode-image\"><span class=\"img aspect-set \"><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/article\/a-second-hacking-group-has-targeted-solarwinds-systems\/\" class=\"lazy\" alt=\"solorigate-attack-chain.png\" height=\"auto\" width=\"1200\" data-original=\"https:\/\/zdnet3.cbsistatic.com\/hub\/i\/r\/2020\/12\/21\/b96dbe43-31ff-4030-a4ab-091cfd0db9be\/resize\/1200xauto\/5fe5a4052bf084ae91667c45a7ecee7d\/solorigate-attack-chain.png\"><\/span><noscript><span class=\"img aspect-set \"><img decoding=\"async\" src=\"https:\/\/zdnet3.cbsistatic.com\/hub\/i\/r\/2020\/12\/21\/b96dbe43-31ff-4030-a4ab-091cfd0db9be\/resize\/1200xauto\/5fe5a4052bf084ae91667c45a7ecee7d\/solorigate-attack-chain.png\" class alt=\"solorigate-attack-chain.png\" height=\"auto\" width=\"1200\"><\/span><\/noscript><figcaption><span class=\"caption\"><\/span><span class=\"credit\"> Image: Microsoft <\/span><\/figcaption><\/figure>\n<p>But in the first few days following the&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/microsoft-fireeye-confirm-solarwinds-supply-chain-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">public disclosure of the SolarWinds hack<\/a>, initial reports mentioned two second-stage payloads.<\/p>\n<p>Reports from&nbsp;<a href=\"https:\/\/www.guidepointsecurity.com\/supernova-solarwinds-net-webshell-analysis\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Guidepoint<\/a>,&nbsp;<a href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/sunburst-supply-chain-attack-solarwinds\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Symantec<\/a>, and&nbsp;<a href=\"https:\/\/unit42.paloaltonetworks.com\/solarstorm-supernova\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Palo Alto Networks<\/a>&nbsp;detailed how attackers were also planting a .NET 
web shell named&nbsp;<em>Supernova<\/em>.<\/p>\n<p>Security researchers believed attackers were using the Supernova web shell to download, compile, and execute a malicious PowerShell script (which some have named&nbsp;<em>CosmicGale<\/em>).<\/p>\n<p>However, in follow-up analysis from Microsoft&#8217;s security teams, it has now been clarified that the Supernova web shell was not part of the original attack chain.<\/p>\n<p><strong>Companies that find Supernova on their SolarWinds installations need to treat this incident as a separate attack.<\/strong><\/p>\n<p>According to a&nbsp;<a href=\"https:\/\/versprite.com\/blog\/security-research\/exploitation-of-remote-services\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">post on GitHub<\/a>&nbsp;by Microsoft security analyst Nick Carr, the Supernova web shell appears to be planted on SolarWinds Orion installations that have been left exposed online and unpatched against a vulnerability tracked as&nbsp;<a href=\"https:\/\/versprite.com\/blog\/security-research\/exploitation-of-remote-services\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">CVE-2019-8917<\/a>.<\/p>\n<figure class=\"media-source\">\n<div class=\"twitterContainer\" readability=\"6.5881458966565\">\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" readability=\"7.0273556231003\">\n<p lang=\"en\" dir=\"ltr\">This is excellent analysis of a webshell!<br \/>However, SUPERNOVA &amp; COSMICGALE are unrelated to this intrusion campaign.<br \/>You should definitely investigate them separately bc they are interesting \u2013 but don\u2019t let it distract from the 
SUNBURST intrusions.<br \/>Details: <a href=\"https:\/\/t.co\/6FA6VlABV3\" rel=\"noopener noreferrer nofollow\" target=\"_blank\" data-component=\"externalLink\">https:\/\/t.co\/6FA6VlABV3<\/a><\/p>\n<p>\u2014 Nick Carr (@ItsReallyNick) <a href=\"https:\/\/twitter.com\/ItsReallyNick\/status\/1339530685548290051?ref_src=twsrc%5Etfw\" rel=\"noopener noreferrer\" target=\"_blank\" data-component=\"externalLink\">December 17, 2020<\/a><\/p><\/blockquote><\/div>\n<\/figure>\n<p>The confusion over whether Supernova was related to the Sunburst+Teardrop attack chain came from the fact that, just like Sunburst, Supernova was disguised as a DLL for the Orion app \u2014 with Sunburst being hidden inside the&nbsp;<em>SolarWinds.Orion.Core.BusinessLayer.dll<\/em>&nbsp;file and Supernova inside&nbsp;<em>App_Web_logoimagehandler.ashx.b6031896.dll<\/em>.<\/p>\n<p>But in an&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/12\/18\/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">analysis posted late Friday<\/a>, on December 18, Microsoft said that unlike the Sunburst DLL, the Supernova DLL was not signed with a legitimate SolarWinds digital certificate.<\/p>\n<p>The fact that Supernova was not signed was deemed extremely uncharacteristic for the attackers, who until then had shown a very high degree of sophistication and attention to detail in their operation.<\/p>\n<p>This included spending months undetected in SolarWinds&#8217; internal network,&nbsp;<a href=\"https:\/\/blog.reversinglabs.com\/blog\/sunburst-the-next-level-of-stealth\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">adding dummy buffer code<\/a>&nbsp;to the Orion app in advance to disguise the addition of malicious code later, and disguising their malicious code to&nbsp;<a 
href=\"https:\/\/twitter.com\/KyleHanslovan\/status\/1338859314962829312\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">make it look like SolarWinds devs wrote it themselves<\/a>.<\/p>\n<p>Against that record, an unsigned DLL seemed too glaring a mistake for the initial attackers to have made, and, as a result, Microsoft believes that this malware is unrelated to the original SolarWinds supply chain attack.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/31868\/A-Second-Hacking-Group-Has-Targeted-SolarWinds-Systems.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":38815,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[9111],"class_list":["post-38814","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackergovernmentprivacymalwaredata-lossflawbackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>A Second Hacking Group Has Targeted SolarWinds Systems 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Second Hacking Group Has Targeted SolarWinds Systems 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-21T16:38:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/a-second-hacking-group-has-targeted-solarwinds-systems.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"540\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-second-hacking-group-has-targeted-solarwinds-systems\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-second-hacking-group-has-targeted-solarwinds-systems\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"A Second Hacking Group Has Targeted SolarWinds Systems\",\"datePublished\":\"2020-12-21T16:38:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-second-hacking-group-has-targeted-solarwinds-systems\\\/\"},\"wordCount\":551,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-second-hacking-group-has-targeted-solarwinds-systems\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/a-second-hacking-group-has-targeted-solarwinds-systems.jpg\",\"keywords\":[\"headline,hacker,government,privacy,malware,data loss,flaw,backdoor\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-second-hacking-group-has-targeted-solarwinds-systems\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-second-hacking-group-has-targeted-solarwinds-systems\\\/\",\"name\":\"A Second Hacking Group Has Targeted SolarWinds Systems 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-second-hacking-group-has-targeted-solarwinds-systems\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-second-hacking-group-has-targeted-solarwinds-systems\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/a-second-hacking-group-has-targeted-solarwinds-systems.jpg\",\"datePublished\":\"2020-12-21T16:38:18+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-second-hacking-group-has-targeted-solarwinds-systems\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-second-hacking-group-has-targeted-solarwinds-systems\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-second-hacking-group-has-targeted-solarwinds-systems\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/a-second-hacking-group-has-targeted-solarwinds-systems.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/a-second-hacking-group-has-targeted-solarwinds-systems.jpg\",\"width\":960,\"height\":540},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/a-second-hacking-group-has-targeted-solarwinds-systems\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,pri
vacy,malware,data loss,flaw,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentprivacymalwaredata-lossflawbackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"A Second Hacking Group Has Targeted SolarWinds Systems\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"A Second Hacking Group Has Targeted SolarWinds Systems 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/","og_locale":"en_US","og_type":"article","og_title":"A Second Hacking Group Has Targeted SolarWinds Systems 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-12-21T16:38:18+00:00","og_image":[{"width":960,"height":540,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/a-second-hacking-group-has-targeted-solarwinds-systems.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"A Second Hacking Group Has Targeted SolarWinds Systems","datePublished":"2020-12-21T16:38:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/"},"wordCount":551,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/a-second-hacking-group-has-targeted-solarwinds-systems.jpg","keywords":["headline,hacker,government,privacy,malware,data loss,flaw,backdoor"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/","url":"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/","name":"A Second Hacking Group Has Targeted SolarWinds Systems 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/a-second-hacking-group-has-targeted-solarwinds-systems.jpg","datePublished":"2020-12-21T16:38:18+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/a-second-hacking-group-has-targeted-solarwinds-systems.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/a-second-hacking-group-has-targeted-solarwinds-systems.jpg","width":960,"height":540},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/a-second-hacking-group-has-targeted-solarwinds-systems\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,privacy,malware,data loss,flaw,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentprivacymalwaredata-lossflawbackdoor\/"},{"@type":"ListItem","position":3,"name":"A Second Hacking Group Has Targeted 
SolarWinds Systems"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/perso
n\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/38814","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=38814"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/38814\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/38815"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=38814"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=38814"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=38814"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}