Researchers at SecureWorks Counter Threat Unit found that the Supernova malware planted on compromised SolarWinds Orion installations exposed on the public internet points to an espionage threat actor based in China. The researchers named the hacker group Spiral and correlated findings from two intrusions in 2020 on the same victim network to determine that the activity came from the same intruder. The attack was targeted: once the web shell was planted, the attacker mapped network shares on only two servers, which gave them domain control and access to sensitive business data. The researchers highlight the difficulty of attributing cyberattacks to a particular threat actor but believe that their discoveries point to a China-based hacking crew.
Source: https://www.bleepingcomputer.com/news/security/hackers-hiding-supernova-malware-in-solarwinds-orion-linked-to-china/

