The Cybersecurity and Infrastructure Security Agency has issued a report on the “Supernova” malware that threat actors used to impact SolarWinds’ Orion information technology management tool and breach critical user data.
CISA said Wednesday that the new malware analysis includes indicators of compromise to help IT teams study malicious artifacts related to the malware.
SolarWinds previously reported that hackers placed the Supernova malware on systems housing the Orion tool and that the malware is not embedded in the product’s supply chain, according to CISA’s guidance.
FireEye, which identified the Supernova attack, found that the hackers used steganography for obfuscation as well as token spoofing to manipulate system communications through Orion, according to a prior report.
CISA has been “aware of compromises” resulting from the Orion attack, which reportedly began in March 2020, the agency noted.