A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds’ Orion network monitoring software may have been the work of a possible Chinese threat group. Microsoft disclosed in December 2020 that a second espionage group may be abusing the IT infrastructure provider’s Orion software to drop a persistent backdoor called Supernova on target systems. The findings were corroborated by cybersecurity firms Palo Alto Networks’ Unit 42 threat intelligence team and GuidePoint Security, both of whom described Supernova as a.NET web shell.
Source: https://thehackernews.com/2021/03/solarwinds-hack-new-evidence-suggests.html