Friday, 18 June 2021

Anatomy of a Supply Chain Attack

 


Cybercrime group launched a supply chain attack on CCTV vendor

An affiliate of the Darkside ransomware gang, tracked as UNC2465, has conducted a supply chain attack against a CCTV vendor, Mandiant researchers discovered. UNC2465 is considered one of the main affiliates of the DARKSIDE group, along with other affiliate gangs tracked by FireEye/Mandiant as UNC2628 and UNC2659.

The crooks compromised the website of the vendor and implanted malicious code in a Windows application, a custom version of the Dahua SmartPSS Windows app, that the company provides to its customers to control their security feeds.

“UNC2465’s move from drive-by attacks on website visitors or phishing emails to this software supply chain attack shows a concerning shift that presents new challenges for detection. While many organizations are now focusing more on perimeter defenses and two-factor authentication after recent public examples of password reuse or VPN appliance exploitation, monitoring on endpoints is often overlooked or left to traditional antivirus,” concludes the report. “A well-rounded security program is essential to mitigate risk from sophisticated groups such as UNC2465 as they continue to adapt to a changing security landscape.”

Ref: https://securityaffairs.co/wordpress/119051/cyber-crime/unc2465-supply-chain-attack.html