Monday, April 12, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

March 9, 2021
in Internet Security
Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

A possible link to China has been noted by researchers examining the exploit of SolarWinds servers to deploy malware. 

On Monday, Secureworks’ counter threat unit (CTU) said that during late 2020, a compromised Internet-facing SolarWinds server was used as a springboard to deploy Supernova, a .NET web shell. 

You might also like

Washington State educational organizations targeted in cryptojacking spree

Critical Zoom vulnerability triggers remote code execution without user input

Nation-state cyber attacks targeting businesses are on the rise

Similar intrusions on the same network suggest that the Spiral threat group, suspected of a Chinese origin, is to blame for both cases.

According to the researchers, CVE-2020-10148 has been actively exploited by Spiral. This vulnerability is found in the SolarWinds Orion API and is described as an authentication bypass bug leading to the remote execution of API commands.

When vulnerable servers are detected and exploited, a script is deployed to write the Supernova web shell to disk using a PowerShell command.

Written in .NET, Supernova is described by Palo Alto Networks as an advanced web shell designed not only to maintain persistence on a compromised machine but one that is also able to compile “method, arguments and code data” in-memory, leaving little forensic trace. 

“The attackers have constructed a stealthy and full-fledged .NET API embedded in an Orion binary, whose user is typically highly privileged and positioned with a high degree of visibility within an organization’s network,” Palo Alto says. “The attackers can then arbitrarily configure SolarWinds (and any local operating system feature on Windows exposed by the .NET SDK) with malicious C# code. The code is compiled on the fly during benign SolarWinds operation and is executed dynamically.”

In the case noted by SecureWorks, Supernova is used to perform reconnaissance, for domain mapping, and for both credential and information theft.

The past intrusion was performed on a ManageEngine ServiceDesk server, with access gained as early as 2018. In these examples, identical commands were used and the same servers were accessed — a domain controller and system containing sensitive business data — and a total of three compromised admin accounts were hijacked in both attacks.  

“CTU researchers have associated Chinese threat groups with network intrusions involving the targeting of ManageEngine servers, maintenance of long-term access to periodically harvest credentials and exfiltrate data, and espionage or theft of intellectual property,” the team notes.

It is not believed, however, that these cases are linked to the devastating SolarWinds supply chain attack that took place in December 2020. Cyberattackers compromised the chain and deployed a malicious Orion update, impacting upwards of 18,000 organizations. 

Microsoft estimates that it took the combined efforts of at least 1,000 engineers to pull off the attack and recently found three new malware components linked to the attack alongside Sunburst/Solorigate, Teardrop, and Sunspot. 

Update 18.22GMT: A SolarWinds spokesperson told ZDNet:

“This report references an incident where a network was first compromised in a way that was unrelated to SolarWinds. That breach enabled the attackers to add the malicious Supernova code to Orion software on the customer’s network. 

It is important to note that Supernova is not associated with the broad and sophisticated supply chain attack that targeted multiple software companies as vectors. Supernova was neither signed nor delivered by SolarWinds and the issue was addressed in Orion platform updates that were released in December.”

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


Credit: Zdnet

Previous Post

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

Next Post

How Image Annotation Helps in AI Development for Agriculture Sector? | by ANOLYTICS

Related Posts

Washington State educational organizations targeted in cryptojacking spree
Internet Security

Washington State educational organizations targeted in cryptojacking spree

April 10, 2021
Critical Zoom vulnerability triggers remote code execution without user input
Internet Security

Critical Zoom vulnerability triggers remote code execution without user input

April 10, 2021
Nation-state cyber attacks targeting businesses are on the rise
Internet Security

Nation-state cyber attacks targeting businesses are on the rise

April 10, 2021
These are the terrible passwords that people are still using. Here’s how to do better
Internet Security

These are the terrible passwords that people are still using. Here’s how to do better

April 9, 2021
Why do phishing attacks work? Blame the humans, not the technology
Internet Security

Why do phishing attacks work? Blame the humans, not the technology

April 9, 2021
Next Post
How Image Annotation Helps in AI Development for Agriculture Sector? | by ANOLYTICS

How Image Annotation Helps in AI Development for Agriculture Sector? | by ANOLYTICS

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Hawaiʻi’s Keck Observatory Aids in Discovery of Rare “Quadruply Imaged Quasars”
Machine Learning

Hawaiʻi’s Keck Observatory Aids in Discovery of Rare “Quadruply Imaged Quasars”

April 12, 2021
Interpretive Analytics in One Picture
Data Science

Interpretive Analytics in One Picture

April 12, 2021
AI and Machine Learning Driven Contract Lifecycle Management for Government Contractors
Machine Learning

AI and Machine Learning Driven Contract Lifecycle Management for Government Contractors

April 12, 2021
Cambridge Quantum Computing Pioneers Quantum Machine Learning Methods for Reasoning
Machine Learning

Cambridge Quantum Computing Pioneers Quantum Machine Learning Methods for Reasoning

April 11, 2021
Why Machine Learning Over Artificial Intelligence?
Machine Learning

Why Machine Learning Over Artificial Intelligence?

April 11, 2021
27 million galaxy morphologies quantified and cataloged with the help of machine learning
Machine Learning

27 million galaxy morphologies quantified and cataloged with the help of machine learning

April 11, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Hawaiʻi’s Keck Observatory Aids in Discovery of Rare “Quadruply Imaged Quasars” April 12, 2021
  • Interpretive Analytics in One Picture April 12, 2021
  • AI and Machine Learning Driven Contract Lifecycle Management for Government Contractors April 12, 2021
  • Cambridge Quantum Computing Pioneers Quantum Machine Learning Methods for Reasoning April 11, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates