CISA Identifies SUPERNOVA Malware During Incident Response – Experts Insight

By ISBuzz Team
Writer, Information Security Buzz | Apr 23, 2021 04:38 am PST

CISA (the Cybersecurity and Infrastructure Security Agency) issued another Pulse Secure alert today regarding SUPERNOVA, covering an advanced persistent threat (APT) actor’s long-term compromise of an entity’s enterprise network. The threat actor connected to the entity’s network via a Pulse Secure virtual private network (VPN) appliance, moved laterally to its SolarWinds Orion server, installed malware referred to by security researchers as SUPERNOVA (a .NET webshell), and collected credentials.

Ben Read, Director of Analysis
InfoSec Expert
April 23, 2021 12:40 pm

The SUPERNOVA incident described in the CISA alert adds a significant amount to our knowledge about the activity accompanying this malware. The activity they describe is stealthy and shows great care for operational security. In particular, their use of compromised residential routers in the U.S. would make tracking activity more difficult.
