
A New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China

posted on August 23, 2023
by l33tdawg

Every software supply chain attack, in which hackers corrupt a legitimate application to push out their malware to hundreds or potentially thousands of victims, represents a disturbing new outbreak of a cybersecurity scourge. But when that supply chain attack is pulled off by a mysterious group of hackers, abusing a Microsoft trusted software model to make their malware pose as legitimate, it represents a dangerous and potentially new adversary worth watching.

Today, researchers on the Threat Hunter Team at Broadcom-owned security firm Symantec revealed that they'd detected a supply chain attack carried out by a hacker group that they've newly named CarderBee. According to Symantec, the hackers hijacked the software updates of a piece of Chinese-origin security software known as Cobra DocGuard, injecting their own malware to target about 100 computers across Asia, mostly in Hong Kong. Though some clues, like the exploitation of DocGuard and other malicious code they installed on victim machines, loosely link CarderBee with previous Chinese state-sponsored hacking operations, Symantec declined to identify CarderBee as any previously known group, suggesting it may be a new team.

Beyond the breach of trust in legitimate software that occurs in every software supply chain attack, Symantec says, the hackers also managed to get their malicious code—a backdoor known as Korplug or PlugX and commonly used by Chinese hackers—digitally signed by Microsoft. The signature, which Microsoft typically uses to designate trusted code, made the malware far harder to detect.


Tags

Industry News
