Microsoft warned CrowdStrike earlier this month of a failed attempt by unidentified attackers to access and read the company’s emails, according to a blog post published by the security firm.
An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments.
In this technique, malicious Office documents containing VBA code are saved within streams of CFBF files, with VBA macros saving data in a hierarchy including various types of streams.
In a recent attack, the group has been observed actively using a newly developed Internet Relay Chat (IRC) bot dubbed TNTbotinger, which can be used to perform DDoS attacks.
The recent attacks use payloads hosted on a new GitHub repository, which includes a Linux-based cryptominer, a list of passwords for brute-force attacks, and a statically linked Python 3.9 interpreter.
The attackers made changes to software installers available for download from a Vietnam government website. In addition, they added a backdoor to target users of a legitimate application.
The recent supply chain attack has proven to be one of the most damaging attacks of 2020. Several distinct malware families have emerged in relation to the compromise. These include the SUNBURST backdoor, SUPERNOVA, COSMICGALE & TEARDROP.
The digital landscape is far too complex for those who rely on it—us—to monitor all the ways we’re exposed. Major factors determining whether our data will be used against us are completely out of our control.
These extensions installed in more than 8 million users’ browsers accessed a remote server in the background, trying to download malicious code, a process that our security solutions detect as dangerous.
SolarWinds has released an updated security advisory for the additional SuperNova malware discovered to have been distributed through the company’s network management platform.