Operation Red
Attackers compromised the update server of a remote support solutions provider to deliver malicious updates to targeted organizations in South Korea. The malicious update was signed using a valid certificate stolen from the remote support solutions provider.
Attackers first compromised the update server, then configured it to deliver malicious files only if the client's IP address was within the ranges of their target organizations.
Impact
N/A
Type of compromise
It appears the attackers compromised the publishing infrastructure, as well as signing keys for updates.