Page 5 - FCW, May 2021

Trending
79% was the overall satisfaction rate in the latest Federal Employee Viewpoint Survey, a 4 point increase
CISA warns about new threat group exploiting VPN flaw
In late April, the Cybersecurity and Infrastructure Security Agency released a report warning that a hacking campaign is exploiting known flaws in a virtual private network application to breach networks and implant the malware that security researchers have dubbed Supernova. Researchers noted that this advanced persistent threat is separate from the one that was recently attributed to Russian foreign intelligence.
“CISA assesses this is a separate actor than the APT actor responsible for the SolarWinds supply chain compromise” described in previous alerts, the report states. “Organizations that find Supernova on their SolarWinds installations should treat this incident as a separate attack.”
According to CISA, the latest threat group probably used an authentication bypass vulnerability in SolarWinds’ Orion platform to implant the Supernova malware, which functions as a backdoor that allows an attacker to gain access to targeted systems.
Separately, Pulse Secure’s VPN software became the subject of CISA’s third emergency directive this fiscal year after cybersecurity firm FireEye discovered that a hacking group linked to the Chinese government is taking advantage of vulnerabilities in the VPN to target defense industrial base contractors and entities in Europe.
CISA’s advisory states that the threat actor used vulnerabilities in Pulse Secure products to attack various organizations’ networks from March 2020 to February 2021. “This threat actor targeted multiple entities in the same period; some information in this analysis report is informed by other related incident response engagements and CISA’s public- and private-sector partners,” the report states. “This APT actor has used opportunistic tradecraft, and much is still unknown” about its tactics, techniques and procedures.
The threat actor was able to breach a VPN device through several user accounts that lacked multifactor authentication, but CISA has not determined how the initial credentials were obtained. The actor was then able to move laterally to the entity’s SolarWinds Orion device and install Supernova.
The advisory does not provide any information on the targeted organizations or attribute the attack to any particular entity, except to emphasize that it is separate from the one discovered late last year and attributed to Russian foreign intelligence agents.
After issuing that public attribution, the Biden administration disbanded the interagency group tasked with coordinating the federal government’s response to the original campaign against SolarWinds’ Orion, which involved invoking the Obama-era Presidential Policy Directive-41 for a whole-of-government response.
“The PPD-41 system needs to demonstrate its ability to ramp up and down the level of effort,” said Mark Montgomery, executive director of the congressional Cyberspace Solarium Commission. “Clearly, they are transitioning from response to recovery. This is a demonstration of a deliberate, focused leadership effort by Anne Neuberger [deputy national security advisor for cyber and emerging technologies at the National Security Council], CISA and the rest of the interagency team.”
— Justin Katz
FCW CALENDAR
6/9 IT Modernization
FCW’s Network Modernization Workshop features presentations by Education Department CISO Steven Hernandez; Laura Stanton, assistant commissioner of GSA’s Office of IT Category; and other federal leaders.
Online
FCW.com/networkmodernization
6/15 Cloud
The Navy’s Travis Methvin and Robert Keisler and DOD’s Dave Lago and Jason Weiss are among the speakers at the DOD Cloud Workshop hosted by FCW and Defense Systems.
Online
FCW.com/DODcloud
6/18 Industry
The 2021 list of the top 100 government IT contractors will be released at this special Washington Technology event, which also features discussions about winning strategies and the post-pandemic market outlook.
Online
WashingtonTechnology.com/top100