Kaspersky uncovers 3-year-old supply chain attack campaign

– Catherine Knowles
[Free Download Manager is the target]
According to Kaspersky, the attackers had been actively trying to breach organizations all around the world since May 2017.
They were using a sophisticated supply chain attack that targeted various commercial and freeware tools such as network monitoring utilities, anti-malware programs and password managers, among others.
They managed to compromise the software providers and had them distribute malicious versions of the applications.
For example, the malicious files were given the same name and size as the original files, but the content was altered.
Kaspersky revealed that this attack used a new form of malware, which was dubbed “SupplyChain.Exploit.EKANS”.
The malware was reportedly embedded in various components of the applications and was capable of performing persistence, lateral movement and downloading malicious payloads.
Kaspersky security researchers were able to trace the attack back to a Russian IP address, and they suspect the attackers were targeting the defense, industrial, and energy sectors.
This attack is extremely dangerous because it uses validly signed applications to spread, which might fool users and system administrators into believing the malware is harmless.
Furthermore, the large scale of the operation makes it very difficult to detect and counter.
The incident demonstrates how vulnerable software supply chains are to attack and the importance of organizations taking further steps to protect their systems from supply chain compromises.
This includes regularly monitoring applications, patching them quickly, and ensuring that all available security measures are in use.
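
Because the altered files kept the original name and size, monitoring that compares only those two attributes would not notice the swap. The following is an added example, not code from Kaspersky or the article: a minimal baseline audit that records a SHA-256 digest per file and reports size-preserving content changes as their own category. The file names, status labels and sample bytes are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large installers are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    """Record (size, sha256) for every file under root; run this on a trusted copy."""
    root = Path(root)
    return {str(p.relative_to(root)): (p.stat().st_size, sha256_file(p))
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit(root, baseline):
    """Compare the tree at root with the baseline and classify each difference."""
    current = build_baseline(root)
    findings = {}
    for name, (size, digest) in baseline.items():
        if name not in current:
            findings[name] = "missing"
        elif current[name][1] != digest:
            # Same name and same size, different digest: invisible to a name/size check.
            same_size = current[name][0] == size
            findings[name] = "content-changed-same-size" if same_size else "content-changed"
    for name in current.keys() - baseline.keys():
        findings[name] = "unexpected-file"
    return findings

def demo():
    """Constructed sample: a two-file application tree with one size-preserving swap."""
    with tempfile.TemporaryDirectory() as d:
        app = Path(d)
        (app / "updater.bin").write_bytes(b"ORIGINAL-UPDATER-BYTES")
        (app / "readme.txt").write_bytes(b"docs")
        baseline = build_baseline(app)
        # Overwrite with different bytes of identical length, then add a new file.
        (app / "updater.bin").write_bytes(b"MODIFIED-UPDATER-BYTES")
        (app / "helper.bin").write_bytes(b"new")
        return audit(app, baseline)

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:28} {name}")
```

A baseline only helps if it was taken from a copy known to be clean; if the first version received from the vendor was already altered, the digests will match and a valid signature will not reveal the problem either.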
Link: https://securitybrief.com.au/story/kaspersky-uncovers-3-year-old-supply-chain-attack-campaign

