CISA Identifies SUPERNOVA Malware During Incident Response – Experts Insight

The Cybersecurity and Infrastructure Security Agency (CISA) issued another Pulse Secure alert today regarding SUPERNOVA, describing an advanced persistent threat (APT) actor’s long-term compromise of an entity’s enterprise network. The threat actor connected to the entity’s network via a Pulse Secure virtual private network (VPN) appliance, moved laterally to its SolarWinds Orion server, installed malware referred to by security researchers as SUPERNOVA (a .NET webshell), and collected credentials.

Ben Read, Director of Analysis
InfoSec Expert
April 23, 2021 12:40 pm

The SUPERNOVA incident described in the CISA alert adds a significant amount to our knowledge about the activity accompanying this malware. The activity they describe is stealthy and shows great care for operational security. In particular, their use of compromised residential routers in the U.S. would make tracking activity more difficult.
