Breaching Trust: The Evolving Landscape of Supply Chain Attacks - VMRay

Breaching Trust:  
The Evolving Landscape of Supply Chain Attacks

Q3 – 2023

Explore the evolving landscape of supply chain attacks: the tactics, strategies, and emerging threat actors.


Supply chain attacks continue to evolve. They are an advanced form of cyber threat in which attackers compromise a trusted supplier or distributor and, through it, reach many downstream systems, often without the victims noticing. This chapter covers the latest developments and the tactics threat actors use to compromise and exploit these critical links in the digital ecosystem.


In a supply chain attack, the adversary breaches the network of a reputable distributor or supplier in order to compromise the many systems that trust it, often without the victims being aware of the infiltration. The technique remains popular because it is effective and because a single compromised supplier gives access to a very large pool of potential victims.

Behind the Veil: Lazarus’ PyPI Deception

In one case, the North Korean state-sponsored group known as Lazarus uploaded malicious packages to PyPI, one of them posing as a VMware vSphere connector module named vConnector. The packages imitated well-known software projects and were downloaded several hundred times.

The malicious packages differed only slightly in structure and content from the authentic ones. The changes mainly served to trigger a malicious function that harvests data from the compromised machine. The collected data is sent to the attacker's command-and-control servers, which reply with an obfuscated Python module containing the download URL for the next-stage payload.
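The defensive counterpart to the "slight variations" described above is to compare a package you are about to install against the release you have previously vetted, file by file, and to look at exactly what was added or changed. The script below is an added example for this chapter, not VMRay's code and not the real vConnector package: the two in-memory file trees are constructed samples, and the risky-import list is an assumption suited to a small connector library. It hash-compares the trees, then flags new or modified Python files that either call something at import time or pull in modules the package has no obvious reason to need (requires Python 3.9+ for `ast.unparse`).

```python
import ast
import hashlib

# Constructed stand-in for the legitimate release: path -> source text.
KNOWN_GOOD = {
    "vconnector/__init__.py": "from .core import connect\n",
    "vconnector/core.py": "def connect(host):\n    return 'connected to ' + host\n",
}
# Constructed look-alike: same layout, two lines added to __init__.py and one extra
# helper module that runs at import time (invented sample, not real vConnector code).
SUSPECT = {
    "vconnector/__init__.py": "from .core import connect\nfrom ._setup import _init\n_init()\n",
    "vconnector/core.py": KNOWN_GOOD["vconnector/core.py"],
    "vconnector/_setup.py": "import platform\nimport urllib.request\n\ndef _init():\n    pass\n",
}
# Assumption: modules a small vSphere connector has no obvious reason to pull in.
RISKY_IMPORTS = {"urllib", "socket", "subprocess", "platform", "ctypes", "base64"}

def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()

def import_time_calls(src):
    """Functions called at module top level, i.e. executed as soon as the package is imported."""
    return sorted({ast.unparse(n.value.func) for n in ast.parse(src).body
                   if isinstance(n, ast.Expr) and isinstance(n.value, ast.Call)})

def risky_imports(src):
    """Top-level module names imported by the file that appear in RISKY_IMPORTS."""
    found = set()
    for n in ast.walk(ast.parse(src)):
        if isinstance(n, ast.Import):
            found.update(a.name.split(".")[0] for a in n.names)
        elif isinstance(n, ast.ImportFrom) and n.module:
            found.add(n.module.split(".")[0])
    return sorted(found & RISKY_IMPORTS)

def diff_release(good, suspect):
    """Hash-compare two file trees; flag added or changed files that show the traits above."""
    added = sorted(set(suspect) - set(good))
    removed = sorted(set(good) - set(suspect))
    modified = sorted(p for p in good if p in suspect and sha256(good[p]) != sha256(suspect[p]))
    flagged = {}
    for path in added + modified:
        reasons = ["import-time call: " + c for c in import_time_calls(suspect[path])]
        reasons += ["risky import: " + m for m in risky_imports(suspect[path])]
        if reasons:
            flagged[path] = reasons
    return {"added": added, "removed": removed, "modified": modified, "flagged": flagged}
```

Calling `diff_release(KNOWN_GOOD, SUSPECT)` reports `_setup.py` as added and `__init__.py` as modified, and flags both: the first for its network and host-fingerprinting imports, the second for the `_init()` call that now runs on every import. In practice the known-good tree comes from the hashes of the release you audited (for example a pinned lock file), and the suspect tree from the distribution you are about to install.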

Carderbee’s Tactical Assault: Targeting Asia with Supply Chain Intricacies

Another emerging threat actor, named "Carderbee", has been observed conducting supply chain attacks, mainly against entities in Asia. The group abused the legitimate Cobra DocGuard software to infect its targets' computers with PlugX malware.

The group selectively compromised high-value targets, delivering several malware families, PlugX among them, through the DocGuard software updater. The abuse of a supply chain together with the use of digitally signed malware in these attacks points to a considerable degree of stealth and planning.

Home: VMRay Malware & Phishing Threat Landscape – Q3/2023
