Banks Hacked With Open-Source Software

Uploaded on 2023-08-03 in FREE TO VIEW

Cyber security researchers at Checkmarx in the first half of 2023 discovered that an open-source software supply chain campaign is targeting the banking industry.

Two banks have been targeted by open-source software supply chain attacks in recent months in what researchers are calling the first such incidents of their kind.

“These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it,” says Checkmarx.

"Over the past four and a half years, the Russian-speaking group Red Curl has carried out at least 34 attacks on companies from the UK, Germany, Canada, Norway, Ukraine, and Australia".

The Hackers have created fake social media accounts to establish apparent validity alongside malicious software uploads.

In the first attack, the hackers uploaded malicious npm packages to the registry and posed as a bank employee.

The attackers created fake LinkedIn profiles to get in touch with the victims’ employees and used for each target a specific C2. The experts noticed that the contributor behind the malicious packages was linked to a LinkedIn profile page of an individual that was posing as an employee of the victim.

If the npm package was launched, the script determined the operating system type and downloaded a second-stage malware package via Azure’s CDN subdomains. The second-stage payload included the open-source command-and-control (C2) framework Havoc.

More attacks from the hacker have employed a similar strategy, where a malicious npm package would lay dormant until activated.

The other attack that Checkmarx reported on recently happened in February. Here too, the threat actor, completely separate from the attacker in May, uploaded their own package containing a malicious payload to npm.

In this instance, the payload was engineered specifically for the targeted bank. It was designed to hook onto a specific login form element on the bank's website and to capture and transmit information that users entered into the form when logging into the site.

Oodaloop:     The Hacker News:     Checkmarx:     Dark Reading:     The Record:     SOC Radar:     Security Affairs

 

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« US Ambassador To China Hacked
Australian Government Leaks Personal Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

Join our experts as they give the insights you need to power your Security Information and Event Management (SIEM).

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Hitachi ID Systems

Hitachi ID Systems

Hitachi ID Systems offers comprehensive identity management and access governance, privileged access management and password management solutions.

CertiKit

CertiKit

CertiKit produce toolkit products that accelerate the adoption of ISO/IEC standards, including ISO 27001, helping organizations all over the world to realize the benefits as soon as possible.

Research Institute in Science of Cyber Security (RISCS)

Research Institute in Science of Cyber Security (RISCS)

RISCS is focused on giving organisations more evidence, to allow them to make better decisions, aiding to the development of cybersecurity as a science.

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

IDnow

IDnow

IDnow is the world’s fastest, most flexible and most secure identity verification platform, delivering instant verification of the identity documents used by 7 billion people.

EUROCONTROL

EUROCONTROL

EUROCONTROL is a pan-European, civil-military organisation dedicated to supporting European aviation. We help our stakeholders protect themselves against cyber threats.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Absolute IT Asset Disposals

Absolute IT Asset Disposals

Absolute IT Asset Disposals is an IT asset disposal (ITAD) company providing safe and secure recycling of IT assets.

CyberSaint Security

CyberSaint Security

CyberSaint’s CyberStrong Platform empowers organizations to implement automated, intelligent cybersecurity compliance and risk management.

White & Black

White & Black

White & Black are specialist corporate & technology lawyers based in London & Oxford.

Billington CyberSecurity

Billington CyberSecurity

Billington CyberSecurity is a leading, independent education company with an exclusive focus on cybersecurity.

Netlinkz

Netlinkz

Netlinkz has developed the Virtual Secure Network (VSN) overlay technology platform, a breakthrough in connectivity security, speed, and simplicity.

ITSEC Asia

ITSEC Asia

ITSEC Asia works to effectively reduce exposure to information security threats and improve the effectiveness of its clients' information security management systems.

Airtel Secure

Airtel Secure

Airtel Secure’s multi-layered, full service cybersecurity offerings are designed to safeguard enterprises against threats of various kinds and origins.

tTech

tTech

tTech is the first and foremost company providing outsourced Information Technology solutions to businesses in Jamaica.

Ascent Solutions

Ascent Solutions

Ascent is built to help firms evolve their cybersecurity posture, modernize their Microsoft solutions, and accelerate their journey to the cloud.