Organizations across Asia, especially in Hong Kong, have been targeted in a software supply chain attack by the newly discovered Carderbee hacking operation that commenced in April, CyberScoop reports.
Attackers used a Cobra DocGuard software update file to deliver the Korplug malware, also known as PlugX, to nearly 100 computers across various organizations, according to a report from the Symantec Threat Hunter Team. Researchers said sophisticated threat actors are believed to be behind the supply chain attack because signed malware was used to conceal malicious activity.
"The Korplug back door is usually used by China-linked APT groups. In addition to this, the targeting is in line with what we've seen from China-linked groups in the past. As stated in the blog there are also some similarities between this activity and previous activity carried out by the Budworm (aka APT27) group," said Symantec Senior Intelligence Analyst Brigid Gorman.
SiliconAngle reports that mounting cybersecurity threats against the hardware supply chain have prompted the Cybersecurity and Infrastructure Security Agency to unveil a new framework aimed at bolstering risk assessment and mitigation in the supply chain.
The strategy is designed to focus federal resources towards better investment in a range of emerging technologies while also building an environment for innovation and a stable of qualified domestic workers for businesses and governments to tap.