Legitimate software update mechanism abused to deliver wiper malware
ESET researchers analyzed a supply-chain attack abusing the software update mechanism of an Israeli ISV in order to deploy a wiper on target organizations in the diamond industry.
Impact
According to ESET, organizations in Israel, South Africa and Hong Kong were compromised. ESET also said the campaign lasted less than three hours, with the ISV pushing out clean updates within a matter of hours of the attack.
Type of compromise
While ESET assesses that the Fantasy wiper was deployed using the ISV’s legitimate software update mechanism, it’s unclear from the report whether this involved code signing, which is why we classify this compromise in the Publishing infrastructure category.
References.