The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of a new advanced persistent threat (APT) that’s leveraging the Supernova backdoor to compromise SolarWinds Orion installations. CISA said it identified the threat actor during an incident response engagement at an unnamed organization and found that the attacker had access to the network for nearly a year, between March 2020 and February 2021, through the use of VPN credentials. The adversary is said to have used valid accounts that had multi-factor authentication (MFA) enabled to connect to the VPN, which allowed the attacker to masquerade as teleworking employees.
Source: https://thehackernews.com/2021/04/hackers-exploit-vpn-flaw-to-deploy.html

