Metacurity

A New Threat Actor is Exploiting Pulse Secure VPN and SolarWinds Orion Vulnerabilities to Install Credential-Stealing Malware

Prometei botnet hackers are exploiting Exchange flaws, Hackers use ToxicEye RAT to hack Telegram, Threat actors exploiting new Trend Micro bug, 18 new C&C servers of SolarWinds hackers found, more

Cynthia Brumfield
Apr 23, 2021

Plug: Check out my latest column on the Biden administration’s 100-day push for better electric sector cybersecurity.

The Cybersecurity and Infrastructure Security Agency (CISA) warns that a new threat actor aside from Russia is exploiting a vulnerability in Pulse Secure’s virtual private network (VPN) appliance, moving laterally to the victim's SolarWinds Orion server, installing malware referred to by security researchers as SUPERNOVA (a .NET webshell), and stealing credentials.

CISA issued a warning earlier this week about FireEye's discovery that a hacking group linked to the Chinese government uses vulnerabilities in the VPN to target defense industrial base contractors and entities in Europe. (Justin Katz / FCW)

Related: CISO MAG, SensorsTechForum, Cyber News Group, DataBreaches.net, CISA.gov, Dark Reading: Attacks/Breaches, MSSP Alert, The Register - Security, Cyberdefense Magazine, CRN, HealthITSecurity, Talos Intel, SecurityWeek, Help Net Security, The Hill, TechTarget, Computing.c…

© 2023 DCT Associates