CISA Identifies SUPERNOVA Malware During Incident Response – Experts Insight

CISA (the Cybersecurity and Infrastructure Security Agency) issued another Pulse Secure alert today, this one covering SUPERNOVA and an advanced persistent threat (APT) actor's long-term compromise of an entity's enterprise network. The threat actor connected to the entity's network via a Pulse Secure virtual private network (VPN) appliance, moved laterally to its SolarWinds Orion server, installed malware referred to by security researchers as SUPERNOVA (a .NET webshell), and collected credentials.

Experts Comments

April 23, 2021
Ben Read
Director of Analysis
Mandiant Threat Intelligence

The SUPERNOVA incident described in the CISA alert adds a significant amount to our knowledge about the activity accompanying this malware. The activity they describe is stealthy and shows great care for operational security. In particular, their use of compromised residential routers in the U.S. would make tracking activity more difficult.
