Share this article on:
The SolarWinds hackers allegedly leveraged the Pulse Secure VPN to access the company’s Orion server, a recent report suggests.
The US Cybersecurity and Infrastructure Security Agency (CISA) released an analysis report this week, outlining that the SUPERNOVA malware was able to enter the SolarWinds Orion server via a Pulse Secure virtual private network (VPN).
In 2020, overseas hackers that are broadly thought to be Russian based, hacked into leading IT firm SolarWinds’ Orion server. SolarWinds services clients from across the Fortune 500 and US government. It is believed that the breach allowed the SUPERNOVA malware to infect SolarWinds’ client companies.
“[Advanced persistent threat] actors use SUPERNOVA to perform reconnaissance, conduct domain mapping, and steal sensitive information and credentials,” CISA reported this week.
“According to a SolarWinds advisory, SUPERNOVA is not embedded within the Orion platform as a supply chain attack; rather, an attacker places it directly on a system that hosts SolarWinds Orion, and it is designed to appear as part of the SolarWinds product.”
CISA described that the culprits entered onto the server via SolarWinds’ Pulse Secure VPN, and were able to log on appearing as employees.
“Note: these IP addresses belong to routers that are all similar models; based on this activity, CISA suspects that these routers were likely exploited by the threat actor,” CISA explained.
[Related: Op-Ed: Keep your application’s secrets protected]
Liam Garman is the managing editor of professional services, real estate and security at Momentum Media. He began his career as a speech writer at New South Wales Parliament before working for world leading campaigns and research agencies in Sydney and Auckland. Throughout his career, Liam has managed and executed international media campaigns spanning politics, business, industrial relations and infrastructure. He’s since shifted his attention to writing on politics and business, and holds a Bachelor of Commerce from the University of Sydney and a Masters from UNSW Canberra with a thesis on postmodernism and media ecology.