Security News > 2020 > December > New SUPERNOVA backdoor found in SolarWinds cyberattack analysis

New SUPERNOVA backdoor found in SolarWinds cyberattack analysis
2020-12-21 09:17

While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor.

The analysis shows that the threat actor added in the legitimate SolarWinds file four new parameters to receive signals from the command and control infrastructure.

Based on the findings of the investigation, SUPERNOVA bears the hallmarks of an advanced hacking group that took compromise via a webshell to a new level.

"In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor" - Microsoft.

One argument for this theory is that SUPERNOVA does not have a digital signature, unlike the initially discovered SunBurst/Solarigate malware that trojanized the SolarWinds.


News URL

https://www.bleepingcomputer.com/news/security/new-supernova-backdoor-found-in-solarwinds-cyberattack-analysis/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 45 1 84 103 43 231