SUPERNOVA activity and its possible connection to SPIRAL threat group. [Research Saturday]

From CyberWire Daily



Length: 20 minutes
Released: May 8, 2021
Format: Podcast episode

Description

Guest Mike McLellan from Secureworks joins us to share his team's insights about SUPERNOVA and threat group attribution. Similarities between the SUPERNOVA activity and a previous compromise of the network suggest that SPIRAL was responsible for both intrusions and reveal information about the threat group.
In late 2020, Secureworks® Counter Threat Unit™ (CTU) researchers observed a threat actor exploiting an internet-facing SolarWinds server to deploy the SUPERNOVA web shell. Additional analysis revealed similarities to intrusion activity identified on the same network earlier in 2020, suggesting the two intrusions are linked. CTU™ researchers attribute the intrusions to the SPIRAL threat group. Characteristics of the activity suggest the group is based in China.
The research can be found here:
SUPERNOVA Web Shell Deployment Linked to SPIRAL Threat Group