The Cybersecurity and Infrastructure Security Agency (CISA) has reported finding the SUPERNOVA web shell collecting credentials on a SolarWinds Orion server. These observations were made during an incident response to an Advanced Persistent Threat (APT) actor's year-long compromise of an enterprise network. CISA found that the attacker(s) had access to the network for nearly a year, between March 2020 and February 2021. The threat actors are believed to be different from the ones behind the infamous supply chain attack.

