
SolarWinds hackers leverage Pulse Secure VPN

The SolarWinds hackers allegedly leveraged the Pulse Secure VPN to access the company’s Orion server, a recent report suggests.

Liam Garman
Wed, 28 Apr 2021

The US Cybersecurity and Infrastructure Security Agency (CISA) released an analysis report this week, outlining that the SUPERNOVA malware was able to enter the SolarWinds Orion server via a Pulse Secure virtual private network (VPN).

In 2020, overseas hackers, broadly thought to be Russian-based, hacked into leading IT firm SolarWinds’ Orion server. SolarWinds services clients from across the Fortune 500 and the US government. It is believed that the breach allowed the SUPERNOVA malware to infect SolarWinds’ client companies.

“[Advanced persistent threat] actors use SUPERNOVA to perform reconnaissance, conduct domain mapping, and steal sensitive information and credentials,” CISA reported this week.

“According to a SolarWinds advisory, SUPERNOVA is not embedded within the Orion platform as a supply chain attack; rather, an attacker places it directly on a system that hosts SolarWinds Orion, and it is designed to appear as part of the SolarWinds product.”

CISA said the culprits gained access to the server via SolarWinds’ Pulse Secure VPN and were able to log on appearing as employees.

“Note: these IP addresses belong to routers that are all similar models; based on this activity, CISA suspects that these routers were likely exploited by the threat actor,” CISA explained.


Liam Garman

Liam Garman is the editor of leading Australian security and defence publications Cyber Daily and Defence Connect. 

Liam began his career as a speech writer at New South Wales Parliament before working for world leading campaigns and research agencies in Sydney and Auckland. Throughout his career, Liam has managed and executed a range of international media and communications campaigns spanning politics, business, industrial relations and infrastructure. He’s since shifted his attention to researching and writing extensively on geopolitics and defence, specifically in North Africa, the Middle East and Asia. He holds a Bachelor of Commerce from the University of Sydney and a Masters of Strategy and Security from UNSW Canberra, with a thesis on postmodernism and disinformation operations. 
