Between 2019 and 2022, software supply chain attacks grew by an average of 742% a year, underscoring how quickly this class of threat has moved from edge case to mainstream.
These attacks target the relationships between an organisation and its vendors, suppliers and third-party providers. Rather than breaching the victim directly, the attacker compromises something the victim already trusts: a signed software update, a package dependency, a build server, or a partner's credentials.
As digital supply chains become more interconnected and interdependent, spanning multiple organisations, regions and systems, every trusted link becomes a potential entry point, and attackers have been quick to exploit them.
Modern supply chain techniques include typosquatting, dependency confusion, protestware, and malicious code injected into build pipelines and signed updates. Because each of these abuses a legitimate trust relationship, they are hard to catch with controls that only look for untrusted inputs.
This article examines the most recent and significant supply chain attacks, their ramifications, and the strategies hackers have used to breach software supply chains.
ShadowHammer/ASUS (2019)
In 2019, Kaspersky disclosed that ASUS, the Taiwanese computer manufacturer, had been the victim of a major supply chain compromise. The attackers were able to sign code with legitimate ASUS certificates and distributed trojanised builds of the ASUS Live Update utility through ASUS's own update servers, so the malware arrived on victims' machines as a properly signed vendor update. Estimates of affected machines range from tens of thousands to around 1 million worldwide, although the backdoor only activated on a few hundred machines whose MAC addresses matched a hard-coded target list.
The ShadowHammer campaign ran for approximately six months (from June to November 2018, before its discovery in January 2019) and targeted ASUS notebook customers running the Live Update utility. Because this utility automatically checks for and installs new firmware and software from ASUS, it is an ideal vehicle for delivering malicious code under the vendor's own trust, and a valid signature on its updates proves only who signed, not what was signed.
SolarWinds (Late 2020)
In late 2020, SolarWinds became the focal point of one of the most consequential supply chain breaches to date. Customers of its Orion IT monitoring platform received a digitally signed update that carried a backdoor, and because the signature was valid they had every reason to believe the software had not been modified since SolarWinds built and signed it.
The attackers had compromised SolarWinds's build environment and installed a tool, later named SUNSPOT, that watched the build server for Orion builds and swapped a malicious source file into the compilation, inserting the SUNBURST backdoor into a legitimate Orion library. SolarWinds then signed and shipped the result through its normal update channel; roughly 18,000 customers, including government agencies and large private companies, downloaded the trojanised versions.
SUNBURST lay dormant for up to two weeks, then gathered information about the infected network and sent it to attacker-controlled servers, where a small subset of high-value victims was selected for follow-on intrusion. The operation was attributed to Cozy Bear (APT29), a group linked to the Russian Foreign Intelligence Service (SVR).
Airbus Supply Chain Attack (2023)
In September 2023, Airbus confirmed a data leak traced to a threat actor using the handle USDoD. The attacker did not breach Airbus directly: the data was taken by logging in with the credentials of an employee at Turkish Airlines, an Airbus customer, whose machine had been infected with information-stealing malware. The stolen credentials gave the attacker authenticated access to an Airbus portal.
The leaked data covered more than 3,000 Airbus vendors, including Rockwell Collins and Thales Group, and contained names, phone numbers and email addresses. The incident shows that a partner's compromised credentials are as much a supply chain exposure as a tampered software update, and that vendor and customer access to shared portals needs the same monitoring as internal accounts.
Norton Supply Chain Attack (May 2023)
Norton is one of the most widely used consumer security products, trusted to protect millions of devices. Its parent company, Gen Digital, was among the organisations hit in the MOVEit Transfer campaign that began in late May 2023: the attackers exploited a zero-day vulnerability in MOVEit Transfer, a managed file transfer (MFT) product the company used to move files between employees, customers and offices.
Through the MOVEit instance the attackers obtained personal data of employees and other internal records. Nothing was encrypted; the Cl0p extortion group behind the campaign demanded payment and threatened to publish the stolen data if the demand was not met.
Microsoft Supply Chain Attack (February 2023)
In February 2023, a software supply chain attack targeted Microsoft through JFrog Artifactory, a widely used binary repository manager that Microsoft relies on to manage and distribute its software components.
By exploiting a vulnerability in Artifactory the attackers injected malicious code into certain Microsoft software components and, from that foothold, reached Microsoft's network, where they stole source code and other confidential information.
An artifact repository sits directly on the trust path between build and customer, so a compromise there is inherited by every downstream consumer; protecting it deserves the same rigour as protecting the build system itself.
3CX Supply Chain Attack (March 2023)
The 3CX supply chain attack, discovered in March 2023, affected the 3CX desktop application for both Windows and macOS. The attackers compromised 3CX's build process and shipped trojanised, validly signed installers that bundled a malicious library alongside the legitimate ones.
On Windows the tampered library (a modified ffmpeg.dll) decrypted a second-stage payload hidden in a sibling file; that stage fetched icon files from a GitHub repository whose appended data carried the encrypted command-and-control (C2) addresses, and the final stage was an information stealer that harvested browser data and 3CX account details. The intrusion was attributed to North Korea's Lazarus group and was itself traced to an earlier supply chain compromise of a trading-software vendor, making it the first documented case of one supply chain attack seeding another.
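The loader's trick of hiding C2 data after the end of an otherwise valid icon is easy to check for: the ICO directory says exactly where the last image ends, so any bytes beyond that point do not belong to the image. The script below is an added example (not 3CX's code, nor the attackers'): it parses the ICO directory, reports trailing bytes, and tries to decode them as base64. The sample icon and the appended "C2 URL" are constructed for the example; in the real incident the appended blob was additionally encrypted, which this example does not reproduce.

```python
import base64
import struct
from typing import Optional

# ICONDIR: reserved (u16, must be 0), type (u16, 1 = icon), image count (u16)
ICONDIR = struct.Struct("<HHH")
# ICONDIRENTRY: width, height, colours, reserved (u8 each), planes, bit depth (u16),
# bytes_in_res (u32), image_offset (u32)
ICONDIRENTRY = struct.Struct("<BBBBHHII")


def ico_data_end(blob: bytes) -> int:
    """Offset just past the last image that the ICO directory points at."""
    if len(blob) < ICONDIR.size:
        raise ValueError("too short for an ICO header")
    reserved, kind, count = ICONDIR.unpack_from(blob, 0)
    if reserved != 0 or kind != 1 or count == 0:
        raise ValueError("not an ICO file")
    dir_end = ICONDIR.size + count * ICONDIRENTRY.size
    if len(blob) < dir_end:
        raise ValueError("truncated ICO directory")
    end = dir_end
    for i in range(count):
        entry = ICONDIRENTRY.unpack_from(blob, ICONDIR.size + i * ICONDIRENTRY.size)
        size, offset = entry[6], entry[7]
        if offset < dir_end or offset + size > len(blob):
            raise ValueError(f"directory entry {i} points outside the file")
        end = max(end, offset + size)
    return end


def trailing_data(blob: bytes) -> bytes:
    """Bytes after the last image. A well-formed icon has none."""
    return blob[ico_data_end(blob):]


def extract_appended_text(blob: bytes) -> Optional[str]:
    """Decode the trailing bytes as base64 text; None if absent or not plain base64."""
    tail = trailing_data(blob).strip()
    if not tail:
        return None
    try:
        return base64.b64decode(tail, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # trailing bytes exist but are not base64 text: still worth flagging


def build_ico(image: bytes, appended_text: Optional[str] = None) -> bytes:
    """Constructed sample: a one-entry ICO around an arbitrary blob (no real bitmap),
    optionally with base64 text appended the way the 3CX loader's icons carried C2 data."""
    offset = ICONDIR.size + ICONDIRENTRY.size
    header = ICONDIR.pack(0, 1, 1)
    entry = ICONDIRENTRY.pack(16, 16, 0, 0, 1, 32, len(image), offset)
    tail = base64.b64encode(appended_text.encode()) if appended_text else b""
    return header + entry + image + tail


if __name__ == "__main__":
    # Hypothetical C2 address, constructed for the example.
    sample = build_ico(b"\x00" * 64, "https://c2.example.invalid/path")
    print(len(trailing_data(sample)), "trailing bytes ->", extract_appended_text(sample))
```

Run it over a directory of downloaded icons and treat any non-empty `trailing_data` as suspicious; a decodable URL in the tail is a strong signal, but undecodable trailing bytes deserve a look too, since the real payload was encrypted before being base64-encoded.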
MOVEit Supply Chain Attack (June 2023)
In late May 2023, the Cl0p extortion group began mass exploitation of MOVEit Transfer, a managed file transfer product from Progress Software that many US organisations use precisely because it is meant to move sensitive files securely. The campaign became public at the start of June and eventually affected well over a thousand organisations, directly or through their own vendors.
The attackers exploited a then-unknown SQL injection vulnerability (CVE-2023-34362) in the Internet-facing MOVEit Transfer web application to drop a web shell, dubbed LEMURLOOT, which masqueraded as a legitimate application file. Through the web shell they enumerated the MOVEit database, created privileged accounts and downloaded the files that customers had uploaded for transfer, causing widespread data breaches without ever touching the victims' internal networks.
JetBrains Supply Chain Attack (Sep/October 2023)
In September 2023, JetBrains patched a critical authentication bypass (CVE-2023-42793) in its TeamCity CI/CD server, and by December government agencies in the US, UK and Poland warned that the SolarWinds attackers were exploiting it at scale. The flaw drew attention because of what a CI server holds: source code, signing keys and the credentials used to deploy to production.
Any unauthenticated intruder with HTTP(S) access to a vulnerable server could use the flaw to obtain an administrative token and execute code on the server, which is exactly the position from which a SolarWinds-style build compromise starts. The activity was attributed to Cozy Bear (APT29), the SVR-linked group responsible for SolarWinds.
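Both the MOVEit and the TeamCity campaigns leave a recognisable trace in web server access logs: requests for the LEMURLOOT shell (a `human2.aspx` file dropped beside the legitimate `human.aspx`) and requests to the TeamCity token-creation path ending in `/RPC2`, which the authentication bypass abused. The scanner below is an added example, not code from Progress, JetBrains or any advisory; it runs both checks over log lines in Combined Log Format (Apache/nginx style). The log lines are constructed for the example, and real MOVEit (IIS) or TeamCity (Tomcat) logs would need their own line parser in place of `LOG_RE`.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Combined Log Format (Apache/nginx style). Only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


@dataclass(frozen=True)
class Rule:
    name: str
    path_pattern: "re.Pattern"
    note: str


RULES: List[Rule] = [
    Rule(
        "moveit-lemurloot",
        re.compile(r"/human2\.aspx$", re.IGNORECASE),
        "LEMURLOOT web shell, dropped next to the legitimate human.aspx",
    ),
    Rule(
        "teamcity-cve-2023-42793",
        re.compile(r"^/app/rest/users/[^/]+/tokens/RPC2$"),
        "unauthenticated token-creation path used by the TeamCity auth bypass",
    ),
]


@dataclass(frozen=True)
class Hit:
    rule: str
    src: str
    ts: str
    method: str
    path: str
    status: int
    note: str


def scan_lines(lines: Iterable[str]) -> List[Hit]:
    """Match each request path (query string stripped) against every rule."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; in production, count these instead of dropping them silently
        path = m["target"].split("?", 1)[0]
        for rule in RULES:
            if rule.path_pattern.search(path):
                hits.append(Hit(rule.name, m["src"], m["ts"], m["method"], path,
                                int(m["status"]), rule.note))
    return hits


def scan_text(text: str) -> List[Hit]:
    return scan_lines(text.splitlines())


# Constructed sample log: one benign MOVEit request, one web-shell hit, one TeamCity
# bypass attempt, and one TeamCity request that is correctly rejected with 401.
SAMPLE_LOG = """\
203.0.113.7 - - [27/May/2023:03:12:44 +0000] "GET /human.aspx HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [27/May/2023:03:13:02 +0000] "POST /human2.aspx HTTP/1.1" 200 742 "-" "Mozilla/5.0"
198.51.100.9 - - [18/Dec/2023:11:02:17 +0000] "POST /app/rest/users/id:1/tokens/RPC2 HTTP/1.1" 200 214 "-" "python-requests/2.31.0"
192.0.2.4 - - [18/Dec/2023:11:05:40 +0000] "GET /app/rest/users/id:1/tokens HTTP/1.1" 401 0 "-" "curl/8.4.0"
"""

if __name__ == "__main__":
    for hit in scan_text(SAMPLE_LOG):
        print(f"{hit.ts} {hit.src} {hit.method} {hit.path} -> {hit.rule}: {hit.note}")
```

A 200 response on the TeamCity path is the signal that matters: a patched server answers that request with an error, so successful hits should be triaged as a likely token theft rather than a scan.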
Okta Supply Chain Attack (October 2023)
In October 2023, Okta, a leading identity and access management provider, disclosed a breach of its customer support case management system. The intruder did not exploit a software vulnerability: they signed in with a service account whose credentials had been saved in an employee's personal Google account on an Okta-managed laptop.
With that access the attacker could view files that customers had attached to support cases, in particular HTTP Archive (HAR) files recorded to troubleshoot login problems. HAR files capture complete requests and responses, including session cookies and bearer tokens, and the attacker used tokens from those files to hijack sessions in several customer tenants (1Password, BeyondTrust and Cloudflare all reported related activity). The incident shows that a vendor's support channel is part of the supply chain too, and that diagnostic artefacts must be sanitised before they are shared.
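The practical control is to strip credentials from a HAR file before uploading it anywhere. The sanitiser below is an added example (not Okta's tooling): it redacts `Cookie`, `Set-Cookie` and `Authorization` headers, cookie values, POST bodies, and query parameters whose names suggest a secret, both in the `queryString` array and in the URL itself, and it reports how many credential-bearing fields remain so the count can gate an upload. The HAR document, hostname and token values are constructed for the example; the parameter-name heuristic is an assumption that a real deployment should tune.

```python
import json
import re
from copy import deepcopy
from typing import Any, Dict, List
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "[REDACTED]"
# Header names whose values carry credentials (compared case-insensitively).
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
# Query parameter names that commonly carry secrets: a heuristic, assumed for this example.
SENSITIVE_PARAM = re.compile(r"token|session|password|secret", re.IGNORECASE)


def _scrub_headers(headers: List[Dict[str, Any]]) -> None:
    for h in headers:
        if h.get("name", "").lower() in SENSITIVE_HEADERS:
            h["value"] = REDACTED


def _scrub_cookies(cookies: List[Dict[str, Any]]) -> None:
    for c in cookies:  # every cookie value is treated as a credential
        c["value"] = REDACTED


def _scrub_params(params: List[Dict[str, Any]]) -> None:
    for p in params:
        if SENSITIVE_PARAM.search(p.get("name", "")):
            p["value"] = REDACTED


def _scrub_url(url: str) -> str:
    """Redact matching query parameters inside the URL string as well."""
    parts = urlsplit(url)
    if not parts.query:
        return url
    q = [(k, REDACTED if SENSITIVE_PARAM.search(k) else v)
         for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(q)))


def sanitize_har(har: Dict[str, Any]) -> Dict[str, Any]:
    """Return a sanitised copy of the HAR; the input object is left untouched."""
    out = deepcopy(har)
    for entry in out["log"]["entries"]:
        req = entry.get("request", {})
        resp = entry.get("response", {})
        req["url"] = _scrub_url(req.get("url", ""))
        _scrub_params(req.get("queryString", []))
        if "postData" in req and "text" in req["postData"]:
            req["postData"]["text"] = REDACTED  # login bodies carry passwords and tokens
        for msg in (req, resp):
            _scrub_headers(msg.get("headers", []))
            _scrub_cookies(msg.get("cookies", []))
    return out


def sensitive_values_remaining(har: Dict[str, Any]) -> int:
    """Count credential-bearing fields that are still unredacted; use as a pre-upload gate."""
    n = 0
    for entry in har["log"]["entries"]:
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            n += sum(1 for h in msg.get("headers", [])
                     if h.get("name", "").lower() in SENSITIVE_HEADERS and h.get("value") != REDACTED)
            n += sum(1 for c in msg.get("cookies", []) if c.get("value") != REDACTED)
        n += sum(1 for p in req.get("queryString", [])
                 if SENSITIVE_PARAM.search(p.get("name", "")) and p.get("value") != REDACTED)
    return n


def har_to_text(har: Dict[str, Any]) -> str:
    return json.dumps(har, indent=2)


# Constructed sample: one login-related exchange with a session cookie and a token in the URL.
SAMPLE_HAR: Dict[str, Any] = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "GET",
        "url": "https://dev-0000.okta.example/api/v1/users/me?sessionToken=abc123",
        "headers": [{"name": "Cookie", "value": "sid=deadbeef; DT=1"},
                    {"name": "Accept", "value": "application/json"}],
        "cookies": [{"name": "sid", "value": "deadbeef"}],
        "queryString": [{"name": "sessionToken", "value": "abc123"}],
    },
    "response": {
        "status": 200,
        "headers": [{"name": "Set-Cookie", "value": "sid=deadbeef; Secure"},
                    {"name": "Content-Type", "value": "application/json"}],
        "cookies": [{"name": "sid", "value": "deadbeef"}],
        "content": {"mimeType": "application/json", "text": "{\"id\": \"00u1\"}"},
    },
}]}}

if __name__ == "__main__":
    print("before:", sensitive_values_remaining(SAMPLE_HAR), "after:",
          sensitive_values_remaining(sanitize_har(SAMPLE_HAR)))
```

Response bodies are left intact here because they are usually what support needs to see; if a body can echo a token, extend `sanitize_har` to redact `response.content.text` as well.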
Discord Bot Platform Attack (March 2024)
In March 2024, the Top.gg bot community on Discord, with more than 170,000 members, was hit by a supply chain attack aimed at its developers, using malware built to steal credentials, browser data and cryptocurrency wallets.
The attackers hijacked the GitHub account of a Top.gg maintainer, pushed commits that changed the project's dependencies, and stood up a fake Python package index whose hostname mimicked the legitimate files.pythonhosted.org, from which they served a tampered copy of a popular package (colorama). The malicious dependency was also seeded into other repositories and promoted with fake accounts to look trustworthy, so account takeover, lookalike infrastructure and social engineering together made every signal developers normally rely on point the wrong way.
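The three dependency-level techniques this article mentions, typosquatting, dependency confusion and the lookalike package index used against Top.gg, can all be checked for mechanically at the point where dependencies are declared. The script below is an added example (not Top.gg's, pip's or Checkmarx's code): it reads a requirements file, flags index hosts that are not on an allowlist (noting when one resembles a trusted host), flags package names within a small edit distance of a popular package, and flags internal package names that could be satisfied from a public index. The allowlist, the internal and popular package names, and the sample requirements file are constructed for the example; the edit-distance thresholds and the similarity cut-off are assumptions to tune.

```python
import re
from dataclasses import dataclass
from difflib import SequenceMatcher
from typing import List
from urllib.parse import urlsplit

# Constructed policy for this example; a real deployment derives these from its own inventory.
TRUSTED_INDEX_HOSTS = {"pypi.org", "files.pythonhosted.org", "pypi.internal.example"}
INTERNAL_PACKAGES = {"acme-billing", "acme-auth"}
POPULAR_PACKAGES = {"requests", "urllib3", "colorama", "numpy", "cryptography", "boto3", "pyyaml"}

INDEX_OPT = re.compile(r"^(-i|--index-url|--extra-index-url)[= ]\s*(\S+)")
REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-fold and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass(frozen=True)
class Finding:
    kind: str
    subject: str
    detail: str


def check_requirements(text: str) -> List[Finding]:
    findings: List[Finding] = []
    index_hosts: List[str] = []
    extra_index = False
    packages: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        opt = INDEX_OPT.match(line)
        if opt:
            host = (urlsplit(opt.group(2)).hostname or "").lower()
            index_hosts.append(host)
            extra_index = extra_index or opt.group(1) == "--extra-index-url"
            if host not in TRUSTED_INDEX_HOSTS:
                nearest = max(TRUSTED_INDEX_HOSTS, key=lambda h: SequenceMatcher(None, h, host).ratio())
                detail = f"index host {host!r} is not on the allowlist"
                if SequenceMatcher(None, nearest, host).ratio() >= 0.8:
                    detail += f"; looks like {nearest!r}"
                findings.append(Finding("untrusted-index", host, detail))
            continue
        if line.startswith("-"):
            continue  # other pip options (-r, -c, --hash ...) are out of scope here
        m = REQ_NAME.match(line)
        if m:
            packages.append(normalize(m.group(1)))

    for pkg in packages:
        if pkg in INTERNAL_PACKAGES:
            # Dependency confusion: with two indexes pip installs the highest version it finds
            # on either, so a public package with the same name and a bigger version wins.
            if extra_index:
                findings.append(Finding("dependency-confusion", pkg,
                    "internal name installed with --extra-index-url; pip takes the highest version from any index"))
            elif not index_hosts:
                findings.append(Finding("dependency-confusion", pkg,
                    "internal name with no --index-url; resolves from public PyPI"))
            continue
        if pkg in POPULAR_PACKAGES:
            continue
        limit = 2 if len(pkg) >= 8 else 1  # assumed thresholds
        near = sorted(p for p in POPULAR_PACKAGES if levenshtein(pkg, p) <= limit)
        if near:
            findings.append(Finding("typosquat", pkg, f"within {limit} edit(s) of {near}"))
    return findings


# Constructed sample: a lookalike extra index, two misspelt names, and an internal package.
SAMPLE_REQUIREMENTS = """\
--index-url https://pypi.org/simple
--extra-index-url https://files.pypihosted.org/simple   # one letter group away from pythonhosted
requests==2.31.0
requets
colorarna>=0.4
acme-billing==1.4.2
numpy
"""

if __name__ == "__main__":
    for f in check_requirements(SAMPLE_REQUIREMENTS):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

The dependency-confusion rule is the one teams most often get wrong: `--extra-index-url` does not mean "fall back to", it means "also consider", which is exactly the behaviour the attack relies on. The fix is a single `--index-url` pointing at an internal proxy that mirrors public packages, plus `--require-hashes` pins for anything that ships.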