Common Information
Type | Value |
---|---|
Value | Supply Chain Compromise - T1195 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | Supply chain compromise is the manipulation of products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise can take place at any stage of the supply chain, including: manipulation of development tools; manipulation of a development environment; manipulation of source code repositories (public or private); manipulation of software update/distribution mechanisms; compromised/infected system images (multiple cases of removable media infected at the factory); replacement of legitimate software with modified versions; sales of modified/counterfeit products to legitimate distributors; shipment interdiction. While supply chain compromise can impact any component of hardware or software, attackers looking to gain execution have often focused on malicious additions to legitimate software in software distribution or update channels. (Citation: Avast CCleaner3 2018) (Citation: Microsoft Dofoil 2018) (Citation: Command Five SK 2011) Targeting may be specific to a desired victim set (Citation: Symantec Elderwood Sept 2012) or malicious software may be distributed to a broad set of consumers but only move on to additional tactics on specific victims. (Citation: Avast CCleaner3 2018) (Citation: Command Five SK 2011) Detection: Use verification of distributed binaries through hash checking or other integrity checking mechanisms. Scan downloads for malicious signatures and attempt to test software and updates prior to deployment while taking note of potential suspicious activity. Perform physical inspection of hardware to look for potential tampering. Platforms: Linux, Windows, macOS. Data Sources: Web proxy, File monitoring |
Type | Published | Attributes | Title |
---|---|---|---|
Website | 2023-04-23 | 0 | L’hebdo cybersécurité \| 23 avr 2023 |
Website | 2023-04-22 | 4 | Critical infrastructure also hit by supply chain attack behind 3CX breach - RedPacket Security |
Website | 2023-04-22 | 89 | Bluepurple Pulse: week ending April 23rd |
Website | 2023-04-21 | 4 | N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX |
Website | 2023-04-21 | 2 | N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX - RedPacket Security |
Website | 2023-04-21 | 3 | The 3CX attack gets wilder, marks first 'cascading software supply chain compromise' |
Website | 2023-04-21 | 1 | 3CX hack due to prior supply chain compromise |
Website | 2023-04-21 | 4 | 3CX hack caused by trading software supply chain attack - RedPacket Security |
Website | 2023-04-21 | 4 | Critical infrastructure also hit by supply chain attack behind 3CX breach |
Website | 2023-04-21 | 2 | 3CX hack highlights risk of cascading software supply-chain compromises |
Website | 2023-04-20 | 1 | 3CX Breach Was a Double Supply Chain Compromise – Krebs on Security |
Website | 2023-04-20 | 2 | 3CX Supply Chain Attack Tied to Financial Trading App Breach |
Website | 2023-04-20 | 1 | Infected app on employee’s PC led to 3CX compromise: Report \| IT World Canada News |
Website | 2023-04-20 | 1 | Another software supply chain attack discovered during 3CX investigation |
Website | 2023-04-20 | 72 | 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible \| Mandiant |
Website | 2023-04-20 | 0 | Intelligence Insights: April 2023 |
Website | 2023-04-19 | 0 | China Leverages Exposed Secrets to Keep the United States on Its Heels |
Website | 2023-04-14 | 10 | Ransomware Roundup – Kadavro Vector Ransomware \| FortiGuard Labs |
Website | 2023-04-12 | 8 | Lazarus Sub-Group Labyrinth Chollima Uncovered as Mastermind in 3CX Supply Chain Attack |
Website | 2023-04-04 | 0 | 3CX supply chain attack: cryptocurrency firms targeted |
Website | 2023-04-04 | 9 | SANS ISC Stormcast: Daily Network Security News Summary; Cyber Security Podcast |
Website | 2023-04-03 | 0 | 3CX Attack Shows The Dangers Of ‘Alert Fatigue’ For Cybersecurity \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware – National Cyber Security Consulting |
Website | 2023-04-03 | 0 | Questions remain around 3CX supply chain attack |
Website | 2023-04-03 | 22 | Anomali Cyber Watch: Balada Injector Exploits WordPress Elementor Pro, Icon 3CX Stealer Detected by YARA, Koi Loader-Stealer Compresses-then-Encrypts Memory Streams |
Website | 2023-04-03 | 0 | 6 Steps to Ensure a More Secure Supply Chain Environment |