Banks Hacked With Open-Source Software

Uploaded on 2023-08-03 in FREE TO VIEW

Cyber security researchers at Checkmarx in the first half of 2023 discovered that an open-source software supply chain campaign is targeting the banking industry.

Two banks have been targeted by open-source software supply chain attacks in recent months in what researchers are calling the first such incidents of their kind.

“These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it,” says Checkmarx.

"Over the past four and a half years, the Russian-speaking group Red Curl has carried out at least 34 attacks on companies from the UK, Germany, Canada, Norway, Ukraine, and Australia".

The Hackers have created fake social media accounts to establish apparent validity alongside malicious software uploads.

In the first attack, the hackers uploaded malicious npm packages to the registry and posed as a bank employee.

The attackers created fake LinkedIn profiles to get in touch with the victims’ employees and used for each target a specific C2. The experts noticed that the contributor behind the malicious packages was linked to a LinkedIn profile page of an individual that was posing as an employee of the victim.

If the npm package was launched, the script determined the operating system type and downloaded a second-stage malware package via Azure’s CDN subdomains. The second-stage payload included the open-source command-and-control (C2) framework Havoc.

More attacks from the hacker have employed a similar strategy, where a malicious npm package would lay dormant until activated.

The other attack that Checkmarx reported on recently happened in February. Here too, the threat actor, completely separate from the attacker in May, uploaded their own package containing a malicious payload to npm.

In this instance, the payload was engineered specifically for the targeted bank. It was designed to hook onto a specific login form element on the bank's website and to capture and transmit information that users entered into the form when logging into the site.

Oodaloop:     The Hacker News:     Checkmarx:     Dark Reading:     The Record:     SOC Radar:     Security Affairs

 

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« US Ambassador To China Hacked
Australian Government Leaks Personal Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Prolinx

Prolinx

Prolinx provide secure Data Centre hosting services and other fully managed security services for networks and information systems.

Talend

Talend

Talend is a leader in cloud and big data integration software. Applications include Risk and Compliance management.

XBOSoft

XBOSoft

XBOSoft is a software QA and testing company. We cover the entire QA and testing life cycle including software and application security.

Integrity360

Integrity360

Integrity360 provide fully managed IT security services as well as security testing, integration, GRC and incident handling services.

Pole SCS (Secure Communicating Solutions)

Pole SCS (Secure Communicating Solutions)

SCS is a world-class competitiveness cluster dedicated to digital technologies in the fields of Microelectronics, Internet Of Things, Digital Security, Artificial Intelligence And Big Data.

Awake Security

Awake Security

Awake Security offer a security solution built on an AI platform that acts like the human brain to sense, detect, and respond to threats you may not even know exist.

Redbelt Security

Redbelt Security

Redbelt is a cyber security consultancy. We integrate people, systems, services and products to transform how your information security is delivered.

Energia Ventures

Energia Ventures

Energia Ventures is a three-month intensive accelerator for entrepreneurs with an innovative business in the energy, smart grid, cleantech, and cybersecurity sectors.

Paladin Capital Group

Paladin Capital Group

Paladin is a leading global investor that supports and grows the world’s most innovative cyber companies.

Startups.be

Startups.be

Startups.be helps tech entrepreneurs to be successful by providing quality access to service providers, business partners, customers and investors.

Cygenta

Cygenta

Cygenta brings a new approach to cybersecurity. We understand that true security means having digital, human and physical security working in harmony.

NACVIEW

NACVIEW

NACVIEW is a Network Access Control solution. It allows to control endpoints and identities that try to access the network - wired and wireless, including VPN connections.

Babble

Babble

Babble is a Unified Comms, Contact Centre and Cyber Solutions provider. We believe in making next-generation technology simple to use, deploy and manage.

Unisys

Unisys

Unisys is a global information technology company providing industry-focused solutions integrated with leading-edge security to clients in the government, financial services and commercial markets.

Pacific Certifications

Pacific Certifications

Pacific Certifications provide accredited certification, training and support services to help you improve processes, performance and products and services.

AppSOC

AppSOC

AppSOC is a leader in Application Security Posture Management (ASPM) and Code-to-Cloud Vulnerability Management.