SolarWinds, a provider of IT management software, was recently breached by malware known as SUPERNOVA. In response to the attack, SolarWinds released an update to its Orion Platform.

Earlier this December, an announcement outlining the cyberattack on SolarWinds was released to the public. The cyberattack took the form of SUNBURST, a backdoor malware hidden inside the SolarWinds automatic update features. Acting quickly, SolarWinds dealt with the SUNBURST attack, but further analysis by Palo Alto and Microsoft found another malicious program, SUPERNOVA, among the files as well.

Partners only received a full analysis of SUPERNOVA on the 24th, as detailed in the SolarWinds security advisory. It explains,

The SUPERNOVA malware consisted of two components. The first was a malicious, unsigned web shell .dll “app_web_logoimagehandler.ashx.b6031896.dll” specifically written to be used on the SolarWinds Orion Platform. The second is the utilization of a vulnerability in the Orion Platform to enable the deployment of the malicious code. This vulnerability in the Orion Platform has been resolved in the latest updates.

The same day, SolarWinds updated their software with multiple patches to protect against both SUNBURST and SUPERNOVA, with the most recent update released on the 27th. SolarWinds encourages customers to update or upgrade their software. For customers unable to do so, SolarWinds provided a script that can be quickly installed to safeguard against further SUNBURST and SUPERNOVA attacks.

The SolarWinds report on the issue states,

“SolarWinds has developed a program to provide professional consulting resources experienced with the Orion Platform and products to assist customers who need guidance on or support upgrading to the latest hotfix updates. These consulting services will be provided at no charge to active maintenance Orion Platform product customers.” Finishing with, “The company wants to make sure that customers working to secure their environments have the help and assistance they need from knowledgeable resources.”
