The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) has raised an alarm for a new cyberattack in which both a Pulse Secure VPN appliance and the SolarWinds Orion platform were abused for malicious purposes.
Both the Pulse Secure virtual private network (VPN) appliances and the SolarWinds platform are known targets for threat actors: the former for initial access to an environment, and the latter for performing supply chain attacks.
The newly described attack, CISA warns, should not be attributed to the Russian Foreign Intelligence Service (SVR), which the United States and other countries hold accountable for the compromise of government and private organizations through the SolarWinds Orion platform.
As part of the incident, the threat actors that orchestrated the attack deployed onto the SolarWinds platform a piece of malware called Supernova, which is not related to the SolarWinds compromise.
[ SEE: Pulse Secure Zero-Day Flaw Actively Exploited in Attacks ]
Initially identified in December 2020, the malware is deployed post compromise and allows the threat actor to perform reconnaissance and move laterally onto the environment, as well as to perform other activities.
From at least March 2020 through February 2021, CISA says, the APT leveraged several user accounts (none with multi-factor authentication (MFA) enabled) to connect to the victim environment via Pulse Sec ..
Support the originator by clicking the read the rest link below.
