The Chinese espionage group Spiral may be to blame for two intrusions in 2020 to a SolarWinds Orion server that were linked to each other but not to the infamous SolarWinds attack attributed to Russia. ("Peter @ Solarwinds office" by ecooper99 is licensed under CC BY 2.0)

Researchers Monday suspected the Chinese espionage group Spiral of two intrusions in 2020 to a SolarWinds Orion server that were linked to each other but not to the infamous SolarWinds attack attributed to Russia.

In a blog, the Secureworks Counter Threat Unit (CTU) reported that Spiral exploited an internet-facing SolarWinds server to deploy the Supernova web shell. The researchers said the threat actor exploited a SolarWinds Orion API authentication bypass vulnerability (CVE-2020-10148) to execute a reconnaissance script and then write the Supernova web shell to disk. The vulnerability could let a remote attacker bypass authentication and execute API commands, which may result in a compromise of the SolarWinds instance.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.