Here, a supply chain attack means the injection of code (a backdoor) into new releases or updates of software packages, turning the software distribution infrastructure itself into an attack vector.
Date | Supply chain | Description | Impact |
---|---|---|---|
Oct 2018 | Colourama | The official PyPI repository was again found to host a malicious package, this time Colourama, a typosquat of the legitimate Colorama package. | Colorama is one of the top-20 most-downloaded modules on PyPI. Colourama, the altered version, installs a script on Windows machines that watches the clipboard and swaps detected cryptocurrency addresses for the attacker's, diverting payments. |
Oct 2018 | VestaCP | The installation script for VestaCP, the control-panel interface system administrators use to manage servers, was found altered to report the generated admin credentials back to the attackers. | More than 132,000 unexpired TLS certificates belong to VestaCP hosts, which gives a sense of the exposed population. |
Sept 2017 | PyPI | The official PyPI repository was found to contain typosquatted packages carrying modified code. | The tainted packages were pulled into software builds multiple times between June and September. |
Sept 2017 | CCleaner | Security researchers at Cisco Talos and Morphisec disclosed that CCleaner had been compromised. CCleaner 5.33 was widely distributed across many industries, but the embedded code appeared to be aimed at specific companies in the technology sector. | ~2.27 million downloads of the trojanized build; the intent behind the injected code appears to have been collecting an initial set of reconnaissance data from infected hosts. |
Aug 2017 | NetSarang | Attackers modified at least five software packages distributed by NetSarang, a provider of network connectivity and server management software, to infect its business users with a modular backdoor (ShadowPad). | The then-latest builds of Xmanager Enterprise 5 (build 1232), Xmanager 5 (build 1045), Xshell 5 (build 1322), Xftp 5 (build 1218) and Xlpd 5 (build 1220) were compromised. The affected builds were released on July 18 and the backdoor was only discovered on August 4. |
June 2017 | MeDoc | Attackers compromised the update server of M.E.Doc (Ukrainian accounting software) and pushed NotPetya to its unsuspecting users on 27 June 2017. | NotPetya is widely regarded as a wiper rather than ransomware: the attackers cannot decrypt victims' disks even if the ransom is paid. XData ransomware had also been distributed through M.E.Doc updates earlier in 2017, possibly as early as April. |