
CISA Issues Analysis Report on ‘Supernova’ Malware

Lt. Col. Jody Ogle, Cybersecurity Adviser, CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has identified malware dubbed Supernova that advanced persistent threat actors used to compromise an organization’s enterprise network through a Pulse Secure virtual private network device.

CISA said Thursday hackers use Supernova to conduct reconnaissance and domain mapping and steal credentials and sensitive data.

According to the agency, threat actors connect to the network through the VPN appliance and move laterally to the entity’s SolarWinds Orion server to install the malware, which is described as a “malicious webshell backdoor.”

CISA noted that the threat actor responsible for Supernova is different from the hacker linked to the SolarWinds supply chain compromise. “Organizations that find SUPERNOVA on their SolarWinds installations should treat this incident as a separate attack,” the advisory reads.

CISA recommends that organizations implement multifactor authentication, deploy endpoint defense tools, secure Remote Desktop Protocol and other remote access tools, and maintain up-to-date antivirus engines and signatures, among other measures, to improve the cybersecurity posture of their systems.
