SolarWinds mess that flared in the holidays: Biz confirms malware targeted crocked Orion product
2021-01-04 06:58

On New Year's Eve, SolarWinds confirmed that it has identified malware that exploited the flaws introduced to Orion products.

We already knew about "SUNBURST", the attack that poisoned Orion.

SolarWinds' pre-party post revealed that "SUPERNOVA" is "Malware that is separately placed on a server that requires unauthorized access to a customer's network and is designed to appear to be part of a SolarWinds product."

"The SUPERNOVA malware consisted of two components," says SolarWinds' advisory.

"The first was a malicious, unsigned webshell.dll 'app web logoimagehandler.ashx.b6031896.dll' specifically written to be used on the SolarWinds Orion Platform. The second is the utilization of a vulnerability in the Orion Platform to enable deployment of the malicious code. This vulnerability in the Orion Platform has been resolved in the latest updates."

December 30th supplemental guidance from the USA's Cybersecurity and Infrastructure Security Agency not only ordered 24-hour upgrades to clean versions of Orion but promised to "Follow up with additional supplemental guidance, to include further clarifications and hardening requirements."


News URL

https://go.theregister.com/feed/www.theregister.com/2021/01/04/solarwinds_malware_confirmed/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 101 81 50 265