Solarwinds Orion Chinacimpanu Therecord – Chinese Hackers are Responsible

Solarwinds Orion Chinacimpanu Therecord – The second threat actor targeting SolarWinds vulnerabilities via Orion bugs has characteristics that suggest it is located in China (Catalin Cimpanu/The Record).

The company has been targeted by a Chinese threat actor, who may have had intentions to gain intelligence on the product’s inner workings.

Microsoft warned that a second threat actor was focusing on SolarWinds installations in December 2020, just days after the huge supply chain incident. The new group did not attempt to breach company infrastructure; instead, they exploited CVE-2020-10148, a security flaw within our product’s API, which gave them access rights to firms’ servers with Orion applications installed (our name for run-of-the-mill server software).

This is an interesting finding because it seems as though the US government has suspected Russia’s involvement in SUPERNOVA for some time now. In fact, they were likely able tochiolate ties between these two attacks back at least one year ago!

Secureworks resolves the SUPERNOVA mystery

In a blog post published today, Secureworks revealed that it found connections between SUPERNOVA malware and attacks on ManageEngine servers in August. The security firm is also an official source for non-zero day threats under the Twitter handle spiral_thethreatgroup.

The security company Secureworks said that it is unclear who the Spiral Group might be, though they have gathered intelligence on them in order to protect against cyberattacks from Chinese organizations.

Vinod