Another top VPN is reportedly being used to spread SolarWinds hack

News
By published

New attack strategy circumvents the current mitigations

Privacy
(Image credit: Shutterstock / Valery Brozhinsky)

Threat actors used the Pulse Secure VPN appliance to install the Supernova webshell in a victim’s SolarWinds Orion server, and collect user credentials without permission, a new warning has said.

According to a recent advisory put out by the US Cybersecurity and Infrastructure Security Agency (CISA), this appears to be the first observed instance of a threat actor injecting the Supernova webshell directly into a victim’s SolarWinds installation.

The attack is significant as it deviates from the vector used in the earlier SolarWinds attack. Instead of tainting the supply chain, the attackers in the latest attack installed the webshell by directly logging into the victim’s SolarWinds server.

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

“CISA assesses this is a separate actor than the APT actor responsible for the SolarWinds supply chain compromise. Organizations that find Supernova on their SolarWinds installations should treat this incident as a separate attack,” writes CISA in its latest advisory.

New attack vector

The SolarWinds attack that came to light in December 2020 injected malicious updates into the SolarWinds software. The US has pinned the attack on state-sponsored Russian threat actors and there have been several repercussions including sanctions on Russian companies and the expelling of Russian diplomats.

There have been several mitigations to protect SolarWinds servers from compromise. However the new CISA advisory suggests that threat actors have adopted a new tactic. 

In its analysis, CISA observes that the threat actor used the Pulse Secure VPN appliance to connect to the victim’s servers between at least March 2020 and February 2021.

Although CISA notes that attackers authenticated with the Pulse Secure VPN appliance using stolen credentials to masquerade as teleworking employees, cybersecurity firm Ivanti last week acknowledged a flaw in its Pulse Connect Secure VPN devices. The company said the flaw had been exploited by threat actors to move into the systems of “a very limited number of customers".

While CISA has only observed the new attack strategy against a single victim, it stands to reason that there might be several more. Alarmingly from CISA’s breakdown of the attack it appears to be immune to any of the mitigations for the SolarWinds supply-chain attack.

Via VentureBeat

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
vpn
Ivanti warns another critical security flaw is being attacked
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
Representational image depecting cybersecurity protection
Hackers are breaking SonicWall products to target business networks
A VPN runs on a mobile phone placed on a laptop keyboard
SonicWall firewalls hit by worrying cyberattack
China
Salt Typhoon hackers used this clever technique to attack US networks
A person holding out their hand with a digital AI symbol.
This ransomware gang is using SSH tunnels to target VMware appliances
Latest in VPN Privacy & Security
Digital hand set location on map with two pins. AI technology in GPs, innovation delivery, map location, future transport logistic, route path concept. GPs point. New office location, change address
What does your IP address reveal about you?
A stethoscope next to a laptop on a pink background
How to check if your VPN is working
Teenager playing on a gaming PC with two monitors
Is using a VPN while gaming cheating? 5 myths you shouldn't believe about gaming with a VPN
Neon blue email symbols on a black background
Why am I suddenly getting so many spam emails?
A computer file surrounded by red laser beams
Cover your tracks: the risk of sending unencrypted files
Using an Amazon Fire Stick on a Smart TV
How to use a VPN with Fire Stick
Latest in News
Samsung HW-Q990D soundbar with Halloween theme over the top
Samsung promises to repair soundbars bricked by its disastrous software update for free – but it'll probably involve shipping
Google Gemini AI
Gmail is adding a new Gemini AI tool to help smarten up your work emails
Android 16 logo on a phone
Here's how Android 16 will upgrade the screen unlocking process on your Pixel
Man sitting on sofa, drinking coffee, looking at phone in surprise
Thousands of coffee lovers warned to stop using their espresso machines immediately after reports of burns and lacerations
Visual Intelligence identifying a dog
AirPods with cameras for Visual Intelligence could be one of the best personal safety features Apple has ever planned – here's why
Nvidia AMD
Nvidia rumors suggest it's working on two affordable GPUs to spoil AMD's party
More about vpn privacy security
Digital hand set location on map with two pins. AI technology in GPs, innovation delivery, map location, future transport logistic, route path concept. GPs point. New office location, change address

What does your IP address reveal about you?
A stethoscope next to a laptop on a pink background

How to check if your VPN is working
Man sitting on sofa, drinking coffee, looking at phone in surprise

Thousands of coffee lovers warned to stop using their espresso machines immediately after reports of burns and lacerations
See more latest
Most Popular
Man sitting on sofa, drinking coffee, looking at phone in surprise
Thousands of coffee lovers warned to stop using their espresso machines immediately after reports of burns and lacerations
Samsung HW-Q990D soundbar with Halloween theme over the top
Samsung promises to repair soundbars bricked by its disastrous software update for free – but it'll probably involve shipping
A Minecraft sheep.
Minecraft developer rejects generative AI, 'it's important that it makes us feel happy to create as humans'
Nvidia AMD
Nvidia rumors suggest it's working on two affordable GPUs to spoil AMD's party
Google Gemini AI
Gmail is adding a new Gemini AI tool to help smarten up your work emails
Visual Intelligence identifying a dog
AirPods with cameras for Visual Intelligence could be one of the best personal safety features Apple has ever planned – here's why
Android 16 logo on a phone
Here's how Android 16 will upgrade the screen unlocking process on your Pixel
Apple iPhone 16 Review
New iPhone 17 report lends weight to rumors of major display and camera upgrades, and a pricey Apple foldable
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Sky Glass Gen 2
It's a Glass act: the next generation of Sky Glass TV is now at Currys