snarang
Product Team
5 years ago

SolarWinds Breach: Discovery of SUPERNOVA malware and Orion Vulnerability (CVE-2020-10148)

Earlier this month, SolarWinds disclosed a supply chain attack against its Orion Platform Software that resulted in the placement of a backdoor that was distributed to just under 18,000 of its customers. The backdoor arrived in the form of a DLL file that researchers call SUNBURST.

During its continued investigation into the incident, Microsoft discovered the presence of “an additional malware” component unrelated to the SUNBURST incident. Though Microsoft did not label it as such, researchers refer to the second malware component as SUPERNOVA.

In addition to the discovery of SUPERNOVA, a recent vulnerability note from the CERT Coordination Center (CERT/CC) details the discovery of a vulnerability in SolarWinds Orion. Specifically, they reference an authentication bypass vulnerability in the SolarWinds Orion API, which is identified as CVE-2020-10148.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.
