By Justin Katz
Apr 27, 2021
A Chinese hacking campaign is using known flaws in a virtual private network application to breach entity networks and implant the malware security researchers dubbed SUPERNOVA, the Cybersecurity and Infrastructure Security Agency said April 22.
While similar to the recent attack attributed to Russian foreign intelligence, CISA assesses this is a separate actor than the APT actor responsible for the SolarWinds supply chain compromise described in previous alerts, according to the report. Organizations that find SUPERNOVA on their SolarWinds installations should treat this incident as a separate attack.
The threat group, according to CISA, probably used an authentication bypass vulnerability in Orion to implant the SUPERNOVA malware, which is a backdoor that allows an attacker access to targeted systems.
By Brad D. Williams on April 27, 2021 at 4:07 PM
WASHINGTON: The powerful chairman of the Senate Intelligence Committee said today a bill that will likely include “mandatory reporting” on cyber incidents and public-private cyber threat intelligence sharing is in the works.
Sen. Mark Warner was clear in his speech to the US Chamber of Commerce that there’s a “recognition that our current system is not working.” For example, if the bad guys had wanted the SolarWinds campaign to be something other than cyberespionage, Warner said, then we could have seen a “crushing” result. The SolarWinds campaign was discovered and publicly disclosed by private security company FireEye in December, months after it was launched in March 2020.
The federal government was made aware of the massive breach only when cybersecurity group FireEye, also compromised by the hackers, came forward in December to report the incident voluntarily, a move that wasn’t legally required.
“This is what the committee is working on in a very bipartisan way,” Warner said during a virtual event hosted by the U.S. Chamber of Commerce. “Can we create a structure that would allow some limited mandatory reporting for government contractors and critical infrastructure that doesn’t get to the full data breach negotiations?”
Warner compared the potential structure for reporting breaches to the federal government to the National Transportation Safety Board, which investigates transportation-related accidents, but with an emphasis on the need to catch a breach mid-incident.
An urgent patch for Pulse Connect Secure - Le Monde Informatique
Reseller News
Businesses need to patch Pulse Secure VPNs
Vulnerabilities in Pulse Connect Secure VPN software have reportedly been exploited by attackers, some believed linked to China, to compromise networks.
Organisations using Pulse Secure’s mobile VPN should patch vulnerabilities reportedly being exploited in the wild, possibly by a “Chinese espionage actor”.
The patch is considered important enough that the Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies a deadline of April 23 to apply it. CISA’s guidance states that federal users of Pulse Connect Secure VPNs must use the company’s free utility to ascertain whether their devices are vulnerable.