A separate threat actor may have been abusing SolarWinds Orion software to drop a similar persistent backdoor on target systems. Unlike the Sunburst DLL, Supernova is not signed with a legitimate SolarWinds digital certificate. The new malware is compiled and executed in memory, permitting the attacker to bypass endpoint detection and response systems. The number of infected victims remains unknown at this time, but it has steadily increased since cybersecurity firm FireEye revealed it had been breached via the company’s software early this month.
Source: https://thehackernews.com/2020/12/a-second-hacker-group-may-have-also.html