Hackers hijacked Microsoft’s trust model to make their malware harder to detectHackers

September 6, 2023 by Namorgy

By Wired.com

EVERY SOFTWARE SUPPLY chain attack, in which hackers corrupt a legitimate application to push out their malware to hundreds or potentially thousands of victims, represents a disturbing new outbreak of a cybersecurity scourge. But when that supply chain attack is pulled off by a mysterious group of hackers, abusing a Microsoft trusted software model to make their malware pose as legitimate, it represents a dangerous and potentially new adversary worth watching.

Beyond the usual disturbing breach of trust in legitimate software that occurs in every software supply chain, Symantec says, the hackers also managed to get their malicious code—a backdoor known as Korplug or PlugX and commonly used by Chinese hackers—digitally signed by Microsoft. The signature, which Microsoft typically uses to designate trusted code, made the malware far harder to detect.

Our Sponsor

www.Namorgy.com

Namorgy Network Solutions LLC
is dedicated to providing cost-effective IT Managed Services to small and midsize businesses that want to improve their productivity. With our comprehensive approach to Managed Services, we are your single source for all things IT, fully committed to customer service excellence. Our fast and friendly team of experts is always thinking ahead to deliver the best service possible.

Pete Groman
Namorgy Network Solutions GeekByTheWeek[TM]
pete@namorgy.com
972-454-0029

About ISpeakGeek.BIZ

Privacy and Disclosures:

Ispeakgeek .BIZ is a technology advocacy blog that is intended to help individuals and small businesses with understanding business technology. Most of the articles here are content derived from 3rd parties, including our sponsor. I speak geek .BIZ nor our sponsor makes no claims or warranties as to the veracity of the information. All content here in is provided as opinion. Your experience with these products or services may vary.

Your privacy is important to us. We do not record comments and therefore we do not require or record login information or use cookies or tracking information that could uniquely identify you. Unless you have freely given such information in a chat window, we do not have information on website visitors. Any information retained by our web host or stat counters is NOT sold or shared with any other 3rd party.

Advertisements displayed are generated by a 3rd party under their formula and control. I speak geek .BIZ does profit from their click-through, but has only loose control over subject matter categorically, and no control over detail or specific advertisers.

I speak geek .BIZ is affiliated with our sponsor: Namorgy Network Solutions LLC. Namorgy provides the hosting of the I speak geek.BIZ website. Therefore many of the articles here, though general in nature, or related to other 3rd party products, will offer contact information for Namorgy a point of contact for consulting.

Unless otherwise stated, I speak geek .BIZ is not affiliated with nor paid by any other third party or product. I do not receive cash or in-kind payment to review a product or service or for any of my endorsements.

These disclosures are posted as required by FTC ruling http://www.ftc.gov/opa/2009/10/endortest.shtm

Thank you.