2020 isn't over yet. That hack is worse than you think. New SUPERNOVA backdoor found in SolarWinds cyberattack analysis
While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor.
Named SUPERNOVA, the malware is a webshell planted in the code of the Orion network and applications monitoring platform and enabled adversaries to run arbitrary code on machines running the trojanized version of the software.
If you are interested in the technical details of a hack, you can click thru. From a technical persepctive, it is a thing of beauty. But from a real life perspective, it is just awful.
You can find more details at Unit 42.
As far as who has fallen victim to the SUPERNOVA hack... (Courtesy of Security Now Show Notes.)
The biggest names on this list include the likes of Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, Digital Sense and probably MediaTek.
You can find Security Now video at this link.