SUPERNOVA backdoor found in SolarWinds cyberattack, likely from a second threat actor

SUPERNOVA is a webshell planted in the code of the Orion network and apps monitoring the platform, enabling adversaries to run arbitrary code on machines running the Trojanized version of the software. SUPERNOVA is a Trojanized variant of a legitimate .NET library, modified with the purpose of evading automated defense mechanisms. According to researchers, SUPERNOVA is likely to be the work of the other threat actor, independent from the hacking group that breached the U.S. internal network. Read more...