Thursday, May 4, 2023

Supply chain attacks

There has been a lot more focus over the past decade on "supply chain attacks" - attacks that go after one of your vendors or suppliers so that the attacker can exploit the trust relationship you have with that vendor against you. Recently there was a high-visibility example of this in action:

Just a month after the North Korea-linked APT hacker group known as Lazarus targeted 3CX in a supply chain attack, Symantec's researchers have found that two infrastructure organizations as well as two businesses involved in financial trading were affected in the same attack.

The initial compromise that affected 3CX — also known as the X-Trader software supply chain attack and first discovered by Mandiant researchers — was a supply chain compromise that "spread malware via a Trojanized version of 3CX's legitimate software that was available to download from their website." This breach caused customers to download malicious versions of the company's video-calling software.

As the investigation unfolds with new information, the names of the two critical infrastructure organizations affected have not been revealed, but they are in the power and energy sector, in the US and Europe, respectively. The attack seems to be financially motivated; while North Korea-sponsored threat actors engage in cyber espionage, they also go after funds for the regime. 

Why do they rob banks? Because that's where the money is.

What people are doing in response is requiring agreements with their vendors. While an agreement is just a piece of paper, failing to keep an agreement with one of your customers seems like bad business.

3 comments:

Richard said...

The mother of all supply chain attacks, so far, is the US blowing up the pipeline.

Landroll said...

Richard, without revealing sources and methods, can you explain exactly how you know this? Or are you just making a wild ass assumption? Just as easily it could have been a black flag operation by the Bear to drive a wedge between the supporters of the Ukies. There've been enough historical examples of that sort of thing to make enquiring minds wonder.

Richard said...

Landroll. It could have been the Martians too. I am relying on published accounts by Seymour Hersh who got My Lai and Abu Ghraib correct. You are apparently unaware that even the US government has said Russia didn't do it and concocted a story about Ukrainian actors, not affiliated with the government - a story denied by both Ukraine and Russia.
Anyway, logic would dictate that Russia wouldn't blow up their own asset when all they had to do was turn it off on their end, which they had already done. The point of blowing it up was to prevent Germany from doing a deal with Russia to turn it back on. So the US not only committed an act of war against Russia but also against Germany, who is a half owner of the pipeline.