May 11, 2021

SpywareNews.com

Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

CISA – SUPERNOVA Malware alert April 2021

CISA has issued a special security bulletin related to advanced malware called “SUPERNOVA” which is actively circulating in the wild.

CISA Incident Response to SUPERNOVA Malware | CISA

CISA Identifies SUPERNOVA Malware During Incident Response | CISA

CISA has released AR21-112A: CISA Identifies SUPERNOVA Malware During Incident Response to provide analysis of a compromise in an organization’s enterprise network by an advance persistent threat actor. This report provides tactics, techniques, and procedures CISA observed during the incident response engagement.   CISA encourages organizations to review AR21-112A for more information.

SUPERNOVA is a malicious webshell backdoor that allows a remote operator to dynamically inject C# source code into a web portal to subsequently inject code. APT actors use SUPERNOVA to perform reconnaissance, conduct domain mapping, and steal sensitive information and credentials.