Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

The attackers relied on this mechanism to attempt to deploy an information collector on thousands of machines across over 100 countries, mainly in Brazil, China, France, Germany, Italy, Russia, Spain, and Turkey. Roughly 10% of the affected machines belong to various businesses and organizations.Using the information collected by the malware, the attackers identified systems of interest and infected them with a second, minimalistic backdoor.Only a dozen systems at government, scientific, manufacturing, and retail organizations in Belarus, Russia, and Thailand were infected with the backdoor, suggesting a targeted attack, Kaspersky says.Furthermore, the backdoor was used to deploy more complex malware, namely the QUIC RAT, against a single educational institution in Russia.“This manner of deploying the backdoor to a small subset of infected machines clearly indicates that the attacker had intentions to conduct the infection in a targeted manner. However, their intent – whether it is cyberespionage or ‘big game hunting’ – is currently unclear,” Kaspersky notes.Related:1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, IntercomRelated:SAP NPM Packages Targeted in Supply Chain AttackRelated:Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM DataRelated:Axios NPM Package Breached in North Korean Supply Chain Attack

Using the information collected by the malware, the attackers identified systems of interest and infected them with a second, minimalistic backdoor.Only a dozen systems at government, scientific, manufacturing, and retail organizations in Belarus, Russia, and Thailand were infected with the backdoor, suggesting a targeted attack, Kaspersky says.Furthermore, the backdoor was used to deploy more complex malware, namely the QUIC RAT, against a single educational institution in Russia.“This manner of deploying the backdoor to a small subset of infected machines clearly indicates that the attacker had intentions to conduct the infection in a targeted manner. However, their intent – whether it is cyberespionage or ‘big game hunting’ – is currently unclear,” Kaspersky notes.Related:1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, IntercomRelated:SAP NPM Packages Targeted in Supply Chain AttackRelated:Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM DataRelated:Axios NPM Package Breached in North Korean Supply Chain Attack

Only a dozen systems at government, scientific, manufacturing, and retail organizations in Belarus, Russia, and Thailand were infected with the backdoor, suggesting a targeted attack, Kaspersky says.Furthermore, the backdoor was used to deploy more complex malware, namely the QUIC RAT, against a single educational institution in Russia.“This manner of deploying the backdoor to a small subset of infected machines clearly indicates that the attacker had intentions to conduct the infection in a targeted manner. However, their intent – whether it is cyberespionage or ‘big game hunting’ – is currently unclear,” Kaspersky notes.Related:1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, IntercomRelated:SAP NPM Packages Targeted in Supply Chain AttackRelated:Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM DataRelated:Axios NPM Package Breached in North Korean Supply Chain Attack

Furthermore, the backdoor was used to deploy more complex malware, namely the QUIC RAT, against a single educational institution in Russia.“This manner of deploying the backdoor to a small subset of infected machines clearly indicates that the attacker had intentions to conduct the infection in a targeted manner. However, their intent – whether it is cyberespionage or ‘big game hunting’ – is currently unclear,” Kaspersky notes.Related:1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, IntercomRelated:SAP NPM Packages Targeted in Supply Chain AttackRelated:Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM DataRelated:Axios NPM Package Breached in North Korean Supply Chain Attack

“This manner of deploying the backdoor to a small subset of infected machines clearly indicates that the attacker had intentions to conduct the infection in a targeted manner. However, their intent – whether it is cyberespionage or ‘big game hunting’ – is currently unclear,” Kaspersky notes.Related:1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, IntercomRelated:SAP NPM Packages Targeted in Supply Chain AttackRelated:Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM DataRelated:Axios NPM Package Breached in North Korean Supply Chain Attack

Related:1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, IntercomRelated:SAP NPM Packages Targeted in Supply Chain AttackRelated:Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM DataRelated:Axios NPM Package Breached in North Korean Supply Chain Attack

Related:SAP NPM Packages Targeted in Supply Chain AttackRelated:Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM DataRelated:Axios NPM Package Breached in North Korean Supply Chain Attack

Related:Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM DataRelated:Axios NPM Package Breached in North Korean Supply Chain Attack

Related:Axios NPM Package Breached in North Korean Supply Chain Attack

Ionut Arghire is an international correspondent for SecurityWeek.

Source: SecurityWeek