SuperNova Malware | Breaking Cybersecurity News | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of a new advanced persistent threat (APT) that's leveraging the Supernova backdoor to compromise SolarWinds Orion installations after gaining access to the network through a connection to a Pulse Secure VPN device. "The threat actor connected to the entity's network via a Pulse Secure virtual private network (VPN) appliance, moved laterally to its SolarWinds Orion server, installed malware referred to by security researchers as SUPERNOVA (a .NET web shell), and collected credentials," the agency  said  on Thursday. CISA said it identified the threat actor during an incident response engagement at an unnamed organization and found that the attacker had access to the enterprise's network for nearly a year through the use of the VPN credentials between March 2020 and February 2021. Interestingly, the adversary is said to have used valid accounts that had multi-factor authent...