Banks Hacked With Open-Source Software

Security researchers at Checkmarx reported in the first half of 2023 that an open-source software supply chain campaign was targeting the banking industry.

Two banks were targeted by open-source software supply chain attacks in recent months, in what the researchers describe as the first incidents of their kind.

“These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it,” says Checkmarx.


The attackers created fake social media accounts to lend apparent legitimacy to their malicious package uploads.

In the first attack, the attackers uploaded malicious packages to the npm registry under an account that posed as an employee of the target bank.

They also created fake LinkedIn profiles to approach the victims' employees, and used a dedicated command-and-control (C2) server for each target. Checkmarx noted that the contributor behind the malicious packages was linked to a LinkedIn profile of an individual posing as an employee of the victim bank.

Once the npm package was installed and its script ran, the script identified the host operating system and downloaded a second-stage malware package from Azure CDN subdomains, a choice that lets the download blend in with legitimate cloud traffic. The second-stage payload was the open-source command-and-control (C2) framework Havoc.

Other packages from the same actor used a similar approach, in which the malicious npm package lay dormant until activated.

The other attack that Checkmarx reported on happened in February. Here too, a threat actor, entirely separate from the actor behind the first attack, uploaded a package containing a malicious payload to npm.

In this instance, the payload was engineered specifically for the targeted bank. It looked for a specific login form element on the bank's website, attached itself to that element, and captured and transmitted the information users entered into the form when logging into the site.

Sources: Oodaloop, The Hacker News, Checkmarx, Dark Reading, The Record, SOC Radar, Security Affairs
