From bleepingcomputer.com
Intrusion activity related to the Supernova malware planted on compromised SolarWinds Orion installations exposed on the public internet points to an espionage threat actor based in China.
Security researchers named the hacker group Spiral and correlated findings from two intrusions in 2020 on the same victim network to determine activity from the same intruder.
Unlike the malware used in the SolarWinds supply-chain attack [1, 2, 3], which was embedded in the Orion software builds from the developer, the Supernova web shell ended inside the platform after hackers exploited a critical vulnerability in product installations reachable over the public web.