Article 4EFGG A mysterious hacker gang is on a supply-chain hacking spree

A mysterious hacker gang is on a supply-chain hacking spree

by
WIRED
from Ars Technica - All content on (#4EFGG)
GettyImages-981636794-800x533.jpg

Enlarge (credit: Lino Mirgeler/picture alliance via Getty Images)

A software supply-chain attack represents one of the most insidious forms of hacking. By breaking into a developer's network and hiding malicious code within apps and software updates that users trust, supply-chain hijackers can smuggle their malware onto hundreds of thousands-or millions-of computers in a single operation, without the slightest sign of foul play. Now what appears to be a single group of hackers has managed that trick repeatedly, going on a devastating supply-chain hacking spree-and the hackers have become more advanced and stealthy as they go.

Over the past three years, supply-chain attacks that exploited the software distribution channels of at least six different companies have now all been tied to a single group of likely Chinese-speaking hackers. The group is known as Barium, or sometimes ShadowHammer, ShadowPad, or Wicked Panda, depending on which security firm you ask. More than perhaps any other known hacker team, Barium appears to use supply-chain attacks as its core tool. Its attacks all follow a similar pattern: seed out infections to a massive collection of victims, then sort through them to find espionage targets.

Read 18 remaining paragraphs | Comments

index?i=NLuOT1LiVlo:caVA1CexTZA:V_sGLiPB index?i=NLuOT1LiVlo:caVA1CexTZA:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments