Microsoft has uncovered a supply chain attack by the threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp. This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads, decrypts, and loads a second-stage payload.
Since early October 2023, Microsoft has observed North Korean nation-state threat actors Diamond Sleet and Onyx Sleet exploiting the Jet Brains TeamCity CVE-2023-42793 remote-code execution vulnerability. Given supply chain attacks carried out by these threat actors in the past, Microsoft assesses that this activity poses a particularly high risk to organizations who are affected.
As vulnerabilities in network components, architecture files, and developer tools have become an increasingly popular attack vector to leverage access into secure networks and devices, Microsoft identified such a vulnerable component and found evidence of a supply chain risk that might affect millions of organizations and devices.
South Staffordshire PLC, a company that supplies water to over one million customers in the United Kingdom, notified its customers in August of being a target of a criminal cyberattack. This incident highlights the sophisticated threats that critical industries face today.
A fake mobile banking rewards app delivered through a link in an SMS campaign has been making the rounds, targeting customers of Indian banking institutions. Users who install the mobile app are unknowingly installing an Android malware with remote access trojan (RAT) capabilities.
Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.
We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. While investigations are underway, we want to provide the defender community with intel to understand the scope and impact, remediation guidance, and detections and protections we have built as a result.
By working with governments, trade organizations, and suppliers, the utility industry can improve security across the supply chain.
The hardware and software companies who supply utilities must implement better security of their build and update environment to reduce the risk of an attack on critical infrastructure.
Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth’s complex, multi-component nature and continues its pattern of detection evasion.
Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.
Set a high standard of software assurance with internal teams, partners, and suppliers to reduce your risk of a software supply chain attack.
