A number of cyber-security firms, including Kaspersky, Cisco Talos, Morphisec, Symantec and more, are warning about the increasing number of software supply chain attacks, whereby hackers are breaking into the networks and systems of legitimate developers and hiding malicious code within trusted apps and software.
Kaspersky earlier this year detailed a supply chain attack on the systems of Taiwanese tech giant, ASUS, whereby attackers added malicious code to the Asus Live Update utility.
Another similar attack in 2018 affected Piriform's CCleaner, when security researchers at Cisco Talos and Morphisec discovered that the popular utility was infused with malicious code after hackers broke into Piriform’s London networks by using stolen credentials.
According to security researchers, the aforementioned works are most likely the handiwork of a single group of Chinese-speaking hackers, known variously as Barium, ShadowHammer, ShadowPad, or Wicked Panda, depending on which security firm you ask.
Post a Comment