100 victims from a new supply chain attack: traces lead to China

Carding

Imagine your antivirus turning into a secret agent of hackers.

Researchers from Symantec's Threat Hunter Team recently discovered a software supply chain attack carried out by a previously unknown group, which they named CarderBee. The attackers infected updates to Cobra DocGuard, a Chinese software product, by injecting their own malicious code. As a result, about 100 computers were compromised across Asia, mostly in Hong Kong.

Although some indicators overlap with earlier operations by Chinese state-sponsored hackers, Symantec does not attribute the activity to any previously known group, suggesting that CarderBee may be a new player.

Beyond the compromised updates themselves, the attackers deployed their own malware, known as Korplug (also called PlugX). This backdoor is widely used by Chinese hacking groups, and the copy used here was signed with a legitimate Microsoft digital signature.

Symantec's Dick O'Brien noted: "The attack demonstrates high professionalism and indicates an experienced attacker."

Interestingly, Cobra DocGuard, marketed as secure file encryption software, has about 2,000 users, yet the attackers pushed their malware to only about 100 of them. This selectivity suggests that CarderBee chooses its victims deliberately rather than infecting every user of the compromised update.

The Cobra DocGuard app is distributed by EsafeNet, a cybersecurity firm owned by Nsfocus. How exactly CarderBee managed to tamper with the app's updates is not yet clear.

This is not the first time Cobra DocGuard has been used to distribute malware: ESET earlier found that a malicious update to the app was used to compromise a gambling company in Hong Kong.

It is also worth noting that CarderBee managed to get Microsoft to sign its malware, which makes it much harder for antivirus products to flag: a valid signature from a trusted vendor is exactly what such products treat as a sign of legitimacy.
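The practical lesson from the signed Korplug sample is that "validly signed" and "signed by whom we expect" are different checks. The following is an added example, not code from the original post, from Symantec, or from EsafeNet: a PowerShell function that refuses a downloaded update unless its Authenticode signature is both valid and made by a certificate whose thumbprint is on an allowlist. The file path and the thumbprint are placeholders (assumptions), and `Test-UpdateSigner` is a hypothetical name.

```powershell
# Added example; not from the original post, Symantec, or EsafeNet.
# A "Valid" Authenticode status only proves the file was signed by a certificate
# the system trusts. The post describes malware carrying a legitimate Microsoft
# signature, so a deployment check must also pin WHO signed the file.

function Test-UpdateSigner {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        # SHA-1 thumbprints of the signing certificates you expect (placeholders below).
        [Parameter(Mandatory)] [string[]] $AllowedThumbprints
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = 'file not found' }
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Reject anything that is unsigned, tampered with, or chained to an untrusted root.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = "signature status: $($sig.Status)" }
    }

    $thumb = $sig.SignerCertificate.Thumbprint
    # Pin on the thumbprint, not on the subject name: a subject string can be re-issued
    # under a different certificate, while a thumbprint identifies one certificate exactly.
    if ($AllowedThumbprints -notcontains $thumb) {
        return [pscustomobject]@{
            Path    = $Path
            Trusted = $false
            Reason  = "valid signature but unexpected signer: $($sig.SignerCertificate.Subject) ($thumb)"
        }
    }

    return [pscustomobject]@{ Path = $Path; Trusted = $true; Reason = "signed by pinned certificate $thumb" }
}

# Usage with placeholder values (assumptions, not real paths or certificates):
$expected = @('0000000000000000000000000000000000000000')
$result = Test-UpdateSigner -Path 'C:\Updates\update.exe' -AllowedThumbprints $expected
if (-not $result.Trusted) {
    Write-Warning "Refusing to install $($result.Path): $($result.Reason)"
}
```

The allowlist has to be refreshed whenever the vendor rotates its signing certificate, which is the price of pinning. This check complements, rather than replaces, comparing the file's hash against a value the vendor publishes out of band; in a case like the one described here, where the malicious code was injected into the vendor's own update, a published hash would only help if the vendor's release process had not itself been compromised.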

Symantec's findings suggest that CarderBee deserves continued attention and tracking, given the group's high level of professionalism and the potential danger to software users around the world.
 