Uncovered backdoor implant in a SolarWinds Orion server
released on 2021-02-05 @ 07:50:11 PM
"The threat actor gained access to the web server and installed a web shell to send commands and orchestrate the rest of the attack. Given the recent supply chain attack on SolarWinds, this attack is certainly of note. However, we could not identify concrete evidence that the two are connected. The C2s, web shell, and DLL used in this attack are not ones we have observed before, outside of this single incident, nor have we observed them used since."