Attacks On SolarWinds Servers Also Linked To Chinese Threat Actor
Secureworks: a second threat actor that exploited a SolarWinds Orion bug has characteristics suggesting it is located in China (Catalin Cimpanu/The Record).
In December 2020, just days after the huge SolarWinds supply chain incident, Microsoft warned that a second threat actor was targeting on-premises SolarWinds Orion server installations at customer sites.
This second group did not attempt to breach the SolarWinds application infrastructure. Instead, it exploited CVE-2020-10148, a security flaw in the SolarWinds Orion API, which allowed it to install a web shell on Orion servers belonging to targeted firms.
The web shell was codenamed SUPERNOVA. It gave the attackers a way to steal information from companies’ internal networks.
Reports from the Cybersecurity and Infrastructure Security Agency (CISA) and Palo Alto Networks at the time did not associate this malware with the threat group behind the SolarWinds supply chain attack. The US government had, however, previously attributed the supply chain attack to Russia and described the SUPERNOVA activity as taking place in tandem with the larger and more intrusive supply chain attack.
Secureworks Resolves The SUPERNOVA Mystery
Secureworks published a blog post today stating that it found connections between the SUPERNOVA malware and attacks in August on Zoho ManageEngine servers. Secureworks is also an official non-zero-day source on Twitter.
Secureworks said it is tracking this threat actor under the codename Spiral, and that the group’s “characteristics suggest that the group is located in China.”
Secureworks wrote: “Similarities in SUPERNOVA-related activity [against Orion Servers] in November and activity that CTU researchers examined in August [against Zoho Servers] suggest that the SPIRAL Threat Group was responsible for both intrusions.” These intrusions may be connected to China.
Secureworks did not say whether the Spiral group is linked to Chinese government-run security operations, or whether it is an ordinary cybercrime organization looking to gain access to corporate networks, steal data, and then ransom it.