Within a month, the US government plans to launch a program whose focus will be…
Let me remind you that we wrote that security experts linked Sunburst backdoor with the Kazuar malware.
At first, researchers believed the hackers were using Supernova to download, compile, and execute a malicious Powershell script (dubbed CosmicGale).
However, Microsoft analysts soon reported that Supernova was part of another attack, and it was not at all related to the sensational hack of the supply chain. It turned out that the Supernova web shell was injected into poorly protected SolarWinds Orion installations, vulnerable to the CVE-2019-8917 issue.
A report from Microsoft states that unlike the Sunburst DLL, the Supernova DLL was not signed with a legitimate SolarWinds certificate. Because of this, the experts concluded that this malware had nothing to do with the original attack on the supply chain and generally belonged to a different hack group.
Now Microsoft’s findings have been confirmed by Secureworks. This week the company released a report, according to which Supernova is linked to last year’s attacks on Zoho ManageEngine’s servers (this 0-day bug was simply posted on Twitter).
Secureworks is tracking the attackers who hacked Zoho ManageEngine, codenamed Spiral, and believes the hack group is based in China. So, during the August incident, hackers accidentally revealed one of their IP addresses, which turned out to be associated with the Celestial Empire.
As the researchers now write, the behavior of the Supernova malware is similar to the activity of the group in August last year, directed against the products of Zoho. It looks like Spiral could be responsible for both of these attacks, meaning Microsoft’s analysts were right.
“Similarities between SUPERNOVA-related activity in November and activity that CTU researchers analysed in August suggest that the SPIRAL threat group was responsible for both intrusions. Characteristics of these intrusions indicate a possible connection to China”, – Secureworks researchers write.
Let me also remind you that we wrote that the US government has warned agencies about cybersecurity risks for years.
News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…
Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…
News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…
Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…
News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…
Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…