Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Supply Chain Attack Targets Customer Engagement Firm Comm100

CrowdStrike is warning of a recently identified supply chain attack involving Canada-based customer engagement software provider Comm100.

CrowdStrike is warning of a recently identified supply chain attack involving Canada-based customer engagement software provider Comm100.

As part of the attack, a trojanized Comm100 Live Chat installer signed with a valid Comm100 Network Corporation certificate on September 26 was distributed from the company’s website from at least September 27 until September 29, 2022. The vendor claims to have more than 15,000 customers across 51 countries.

“The trojanized file was identified at organizations in the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe,” CrowdStike says.

The Comm100 installer is an Electron application in which the attackers injected a JavaScript backdoor, within the main.js file of the embedded archive. When executed, the backdoor fetches and runs a second-stage script from an external resource.

The script’s obfuscated code contains a backdoor to harvest system information and to provide the attackers with remote shell functionality.

At the next stage, the attacker deployed additional payloads onto the compromised hosts, including a malicious loader DLL that decrypts and executes in memory a shellcode that injects an embedded payload into a new instance of notepad.exe.

CrowdStrike believes that the attack is the work of a China nexus threat actor that previously targeted various online gambling entities in Asia, despite differences in the delivered payload, in the target scope and the supply chain attack mechanism.

“Despite these differences, CrowdStrike Intelligence assesses that the actor responsible for previously identified online gambling targeting is also likely responsible for these recent incidents,” the cybersecurity firm says.

Advertisement. Scroll to continue reading.

An updated Comm100 installer has been released to remove the malicious code and all Comm100 customers are advised to download and install the latest version of the application.

Comm100 appears to be investigating the incident, but has not shared any information on the attack. SecurityWeek has emailed the company for clarification on the incident and will update the article as soon as a reply arrives.

Related: Chinese Cyberspies Use Supply Chain Attack to Deliver Windows, macOS Malware

Related: The Vulnerable Maritime Supply Chain – a Threat to the Global Economy

Related: Software Supply Chain Attacks Tripled in 2021: Study

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem