The threat of 'supply chain attacks' that feed malware directly to company official software and update updates continues to increase



' Supply chain attack ' of software is a hacking method of mixing malicious code such as malware into software in the process of supply chain such as development, manufacturing, distribution and distribution. The threat of supply chain attacks is growing, reports Ars Technica.

A mysterious hacker gang is on a supply-chain hacking spree | Ars Technica

It is easy to unconditionally download and install official software of famous companies and software updates of software already installed. If malicious code is embedded in such an update program, malware will be mixed into the PC in a single operation of hundreds of thousands and millions of computers 'updating', which is a malicious attack. Will be unprotected against The case where malware is mixed in the official software of CCleaner and ASUS is one of the cases where software of a famous company was subjected to supply chain attack.

CCleaner's official file is tampered with and downloaded with malware included-GIGAZINE

It turns out that malware has been distributed via the backdoor provided in the official 'ASUS Live Update Utility' of ASUS-GIGAZINE

It has been found that 700,000 PCs were damaged in the CCleaner case and 600,000 in the ASUS case. Companies that distribute software from six companies in the past three years have been the target of supply chain attacks in a similar manner, but the involvement of hacker groups behind them is suspected.

The hacker group is a hacker group called ' Barium ', although the names given by security companies such as 'Shadow Hammer', 'ShadowPad' and 'Wicked Panda' are different. Barium is a group of Chinese-speaking hackers, and the code used for the crime seems to be similar to the hacker organization '

APT17 ' that has been suspected of involvement by the Chinese government.



Barium's signature is unique, and despite breaking into many PCs, the really important information is stolen from only a few. In the case of ASUS, about 600 of the 600,000 units that were damaged, CCleaner only installed spyware that steals important information on only about 40 computers out of 700,000. Most of the affected PCs have stolen low-value information such as 'List of installed software' and 'List of running processes', and only a handful of PCs have stolen important information such as passwords. did. Barium is not seen as a profit-oriented hacker organization.

However, there is no change to the danger of supply chain attacks. Vitaly Kamluk , director of the Asian research department of Russian computer security company Kaspersky said, 'If supply chain attacks contaminating company-certified software that should be reliable continue, people trust legitimate software update and software distribution companies This attack is the worst thing in hacking because it is gone. ' 'There is a constant evolution and sophistication of supply chain attacks,' said Kamluk, 'It seems increasingly difficult to catch hackers who specialize in supply chain attacks over time.' I am concerned about the seriousness of the crime of

Also, Barium is not the only one that is attacking the supply chain. A Russian hacker group is using the ' NotPetya ' malware to attack the supply chain, and the group's attacks are estimated to cost $ 10 billion (approximately 1.100 billion yen).

Malware 'NotPetya (GoldenEye)' that brought down the system of Central Bank and state-owned communication, Chernobyl nuclear power plant is a big outbreak at world level-GIGAZINE

in Security, Posted by darkhorse_log