Hey, guys! How are y’all doing today?
Today, we’re going to look into a supply chain attack where a commercial chat provider, Comm100, was compromised to spread malware by Chinese hackers. The attack on the Canadian company is another example of a supply chain compromise cyberattack, just like the hack on Solarwinds in 2020.
Let’s break this down to understand better.
Comm100 provides customer service products such as chatbots and social media management tools to more than 15,000 customers across 50+ countries. One of its software products was compromised and remained available for download on the company’s own website.
Comm100’s Windows Desktop agent software was compromised to deliver trojan malware onto unsuspecting victims’ devices. According to CrowdStrike, who first identified this cyberattack, the malicious installer was signed with a legitimate Comm100 certificate, dated 26 September 2022, and it remained available for download on Comm100’s website until the morning of 29 September 2022. Upon installation, the embedded malware would connect to a remote command-and-control server, creating a backdoor into the compromised system. Once inside the victim’s device, attackers can carry out further exploitation.
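The point a defender should take from the paragraph above is that a valid code signature only proves who signed a file, not that the file is clean: the trojanized installer carried a genuine Comm100 certificate. The check below is an added example (not code from Comm100 or CrowdStrike) of how a software-intake step can go beyond signature validation by pinning installer hashes published out of band and flagging any build signed inside the window the report gives (26 to 29 September 2022). The hash values, signer name and sample bytes are constructed for illustration; the signer name and signing date are assumed to come from your existing Authenticode tooling, which this example does not re-implement.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import date

# Window during which the trojanized installer was available, per the report.
COMPROMISE_WINDOW = (date(2022, 9, 26), date(2022, 9, 29))


@dataclass
class IntakePolicy:
    """What we expect a legitimate installer to look like (values are constructed)."""
    expected_signer: str                     # subject CN your signature tooling reports
    pinned_sha256: set = field(default_factory=set)  # hashes published out of band


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of the installer bytes as downloaded."""
    return hashlib.sha256(data).hexdigest()


def assess_installer(data: bytes, signer: str, signed_on: date,
                     policy: IntakePolicy) -> list:
    """Return a list of findings; an empty list means the file passes intake.

    'signer' and 'signed_on' are assumed to be taken from a signature check you
    already run (e.g. Get-AuthenticodeSignature on Windows); a valid signature is
    a precondition here, not proof of a clean file.
    """
    findings = []
    digest = sha256_of(data)
    if digest not in policy.pinned_sha256:
        findings.append(f"sha256 {digest[:12]}... not in the pinned allow-list")
    if signer != policy.expected_signer:
        findings.append(f"unexpected signer '{signer}'")
    if COMPROMISE_WINDOW[0] <= signed_on <= COMPROMISE_WINDOW[1]:
        findings.append("signed inside a known vendor compromise window")
    return findings


# --- constructed sample data, not real Comm100 artefacts ---
GOOD_INSTALLER = b"hypothetical clean installer bytes"
BAD_INSTALLER = b"hypothetical trojanized installer bytes"

POLICY = IntakePolicy(
    expected_signer="Example Vendor Inc. (constructed)",
    pinned_sha256={sha256_of(GOOD_INSTALLER)},
)


def verdict(data: bytes, signer: str, signed_on: date) -> str:
    """'allow' when no findings, otherwise 'block'."""
    return "allow" if not assess_installer(data, signer, signed_on, POLICY) else "block"


if __name__ == "__main__":
    # Known-good build signed before the window: allowed.
    print(verdict(GOOD_INSTALLER, POLICY.expected_signer, date(2022, 9, 1)))
    # Unknown hash signed with the genuine certificate inside the window: blocked
    # even though the signature itself would validate.
    for f in assess_installer(BAD_INSTALLER, POLICY.expected_signer,
                              date(2022, 9, 27), POLICY):
        print("finding:", f)
```

The ordering matters: the hash pin is the check that actually catches this case, because both the signer and the signature validity look correct. The date-window check is a retrospective sweep you run once a vendor has disclosed a compromise, to find installs that slipped through before the allow-list was updated.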
CrowdStrike researchers suspect the compromised software was in distribution for two days, but they did not reveal how many companies were actually affected. They only mentioned that “entities across a range of industries” were hit.
Chinese hackers’ involvement?
CrowdStrike executive Adam Meyers said they are “moderately confident” that the hackers are Chinese, based on the malware’s behaviour pattern, Chinese-language strings found in the code, the use of Alibaba infrastructure to host servers, technical connections to previous “targeting of online gambling entities in East and Southeast Asia,” and other factors. In addition, one of the victims had been repeatedly targeted by Chinese hackers in the past.
However, the Chinese government rejected the claim. In an email, Chinese Embassy spokesperson Liu Pengyu said officials in Beijing “firmly oppose and crack down on all forms of cyber hacking in accordance with the law” and that the United States “has been loudly active in fabricating and spreading lies about so-called ‘Chinese hackers.’”
Comm100 has released an updated installer (10.0.9) that can be downloaded here.
So, there you have it! For more interesting news and updates, sit tight and stay tuned.
Until next time, friends!
Credits: TheRecord, Reuters