April 22, CISA (Cybersecurity Infrastructure Security Agency) released a brief about new malware. CISA recently responded to an advanced persistent threat (APT) actor’s long-term compromise of an entity’s enterprise network, which began in at least March 2020. The threat actor connected to the entity’s network via a Pulse Secure virtual private network (VPN) appliance, moved laterally to its SolarWinds Orion server, installed malware referred to by security researchers as SUPERNOVA (a .NET webshell), and collected credentials.
Supernova is a malware webshell that allows operators to inject C# source code into a web portal that injects malicious code. Supernova is used to conduct reconnaissance, domain mapping, and steal information and credentials. It is camouflaged as a part of SolarWinds Orion Server, so it is harder to find when looking for Malware. If you are using a SolarWinds Server for your company, it is key that you regularly check for malware because you could be at risk for compromisation.
By Mainstreet2|
2021-05-04T14:09:25+00:00 May 4th, 2021|Uncategorized|Comments Off on CISA Detects SuperNova Malware
Recent Comments