software supply-chain attacks

For discussions about security.
labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

#1 Post by labbe5 »

https://www.wired.com/story/ccleaner-ma ... ech-firms/

The exact dimensions of the CCleaner attack will likely continue to be redrawn, as analysis continues. But it already represents another serious example in the string of software supply-chain attacks that have recently rocked the internet. Two months earlier, hackers hijacked the update mechanism of the Ukrainian accounting software MeDoc to deliver a destructive piece of software known as NotPetya, causing massive damage to companies in Ukraine as well as in Europe and the United States. In that case, as in the CCleaner attack, victims installed seemingly legitimate software from a small but trusted company, only to find that it had been silently corrupted, deeply infecting their IT systems.

In the days following the NotPetya attack, many in the security research community shifted their assessment of the attack from a criminal ransomware outbreak to something more insidious, targeted, and created by nation-state hackers. Now, it seems that the mystery surrounding the CCleaner attack may be moving in that same, disturbing direction.

Further reading:
https://arstechnica.com/information-tec ... ous-pages/
https://www.maketecheasier.com/what-to- ... +Easier%29
https://arstechnica.com/information-tec ... d-ukraine/