A mysterious hacker gang is on a supply-chain hacking spree

[Cereberus]

Quote

Group of likely Chinese hackers has poisoned software of at least six companies.

A software supply-chain attack represents one of the most insidious forms of hacking. By breaking into a developer's network and hiding malicious code within apps and software updates that users trust, supply-chain hijackers can smuggle their malware onto hundreds of thousands—or millions—of computers in a single operation, without the slightest sign of foul play. Now what appears to be a single group of hackers has managed that trick repeatedly, going on a devastating supply-chain hacking spree—and the hackers have become more advanced and stealthy as they go.

Over the past three years, supply-chain attacks that exploited the software distribution channels of at least six different companies have now all been tied to a single group of likely Chinese-speaking hackers. The group is known as Barium, or sometimes ShadowHammer, ShadowPad, or Wicked Panda, depending on which security firm you ask. More than perhaps any other known hacker team, Barium appears to use supply-chain attacks as its core tool. Its attacks all follow a similar pattern: seed out infections to a massive collection of victims, then sort through them to find espionage targets.

 

The technique disturbs security researchers not only because it demonstrates Barium's ability to disrupt computers on a vast scale but also because it exploits vulnerabilities in the most basic trust model governing the code users run on their machines.

 

"They're poisoning trusted mechanisms," says Vitaly Kamluk, the director of the Asia research team for security firm Kaspersky. When it comes to software supply chain attacks, "they’re the champions of this. With the number of companies they've breached, I don't think any other groups are comparable to these guys."

 

In at least two cases—one in which it hijacked software updates from computer maker Asus and another in which it tainted a version of the PC cleanup tool CCleaner—software corrupted by the group has ended up on hundreds of thousands of unwitting users' computers. In those cases and others, the hackers could easily have unleashed unprecedented mayhem, says Silas Cutler, a researcher at Alphabet-owned security startup Chronicle who has tracked the Barium hackers. He compares the potential of those cases to the software supply-chain attack that was used to launch the NotPetya cyberattack in 2017; in that case, a Russian hacker group hijacked updates for a piece of Ukrainian accounting software to seed out a destructive worm and caused a record-breaking $10 billion in damage to companies around the world.

 

"If [Barium] had deployed a ransomware worm like that through one of these attacks, it would be a far more devastating attack than NotPetya," Cutler says.

 

So far, the group seems focused on spying rather than destruction. But its repeated supply-chain hijackings have a subtler deleterious influence, says Kaspersky's Kamluk. "When they abuse this mechanism, they're undermining trust in the core, foundational mechanisms for verifying the integrity of your system," he says. "This is much more important and has a bigger impact than regular exploitation of security vulnerabilities or phishing or other types of attacks. People are going to stop trusting legitimate software updates and software vendors."

 

 

full article

https://arstechnica.com/information-technology/2019/05/a-mysterious-hacker-gang-is-on-a-supply-chain-hacking-spree/

 

 

 

so.... it doesn't matter if you don't download dodgy stuff. even the stuff you're supposed to trust is safe could be suspect..... >_>: