CISA Releases Analysis of 'Supernova' Malware Linked to SolarWinds Cybersecurity Breach

The Cybersecurity and Infrastructure Security Agency has issued a report on the “Supernova” malware that threat actors used to impact SolarWinds’ Orion information technology management tool and breach critical user data.

CISA said Wednesday that the new malware analysis includes indicators of compromise to help IT teams study malicious artifacts related to the malware.

SolarWinds previously reported that hackers placed the Supernova attack into systems housing the Orion tool and that the malware is not embedded on the product’s supply chain, according to CISA’s guidance.

FireEye, which identified the Supernova attack, found that the hackers used the steganography obfuscation approach as well as token-spoofing to manipulate system communications through Orion, according to a prior report.

CISA has been “aware of compromises” resulting from the Orion attack which reportedly began in March 2020, the agency noted.

Tags:

CISA
Cybersecurity
Cybersecurity and Infrastructure Security Agency
DHS
Executive Mosaic
ExecutiveGov
FireEye
govcon
govcondaily
malware
malware analysis
news
press releases
SolarWinds
supernova
supernova malware

CISA Releases Analysis of ‘Supernova’ Malware Linked to SolarWinds Cybersecurity Breach

X Development, DIU Prototyping AI-Powered Disaster Response Awareness & Analysis Technology

CISA & Partner Agencies Issue Guidance on Defending US Election Infrastructure Against Foreign Influence Threats

SpaceWERX, Aerospace Corporation Launch Tech Advancement Initiative for Small Businesses