Quote:There had been hints that a second group of malicious actors may have exploited a SolarWinds bug to install the Supernova backdoor — notably, there was a conclusion by Microsoft back in December that this was the case. Now, sources told Reuters that there’s indeed evidence that a separate advanced persistent threat (APT), likely China-backed, is behind the malware.
 
Reuters reported that the group targeted a Department of Agriculture payroll system, called the National Finance Center (NFA). According to Reuters, the APT’s infrastructure used in the USDA attack matches that known to be deployed by government-backed Chinese actors.
 
The group used a “separate vulnerability” from the Sunburst backdoor that was at the heart of the sprawling espionage campaign that came to light in December, according to Reuters. That original effort (a Russian APT is believed to be responsible) used trojanized software updates for the SolarWinds Orion network-management platform to disseminate the Sunburst malware to SolarWinds customers in a supply-chain attack. The threat actors then used that initial compromise to perform follow-on espionage attacks on selected targets.