A team of researchers has detected several attacks carried out through the update mechanism of a software product whose name has not been revealed.
However, it is known that the compromised software is a well-known editing application. The research team is part of Windows Defender Advanced Threat Protection (ATP).
After compromising the software update system, the attackers also gained remote access to the targeted computers, which allowed them to execute malware on those systems.
According to Microsoft's researchers, the attackers used PowerShell scripts combined with the Meterpreter reverse shell, which allowed them to silently infiltrate the target without the user noticing that his or her system had been compromised.
Similar techniques have been used previously to carry out some high-profile attacks.
Fortunately, the researchers detected the attacks early on. They collaborated with the security experts responsible for the affected systems to minimize the effects of the attack.
Microsoft has also advised third-party software vendors to be more careful when designing update systems, and said that vendors should refrain from blindly executing update packages without first validating their digital signatures against the vendor's own certificates.
“Its early discovery allowed incident responders – a collaboration of security experts from the targeted industries and developers working for the third-party software vendor – to work with Microsoft security researchers to promptly identify and neutralize the activities associated with this cyber espionage campaign,” Microsoft said.
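One way an updater can apply the advice above, as an added example that is not taken from the article or from Microsoft: a PowerShell check that runs an update package only if its Authenticode signature is valid and the signer matches a pinned vendor certificate thumbprint. The package path and thumbprint are placeholders, not values from the article.

```powershell
# Added example (not from the article or Microsoft): refuse to run an update
# package unless it carries a valid Authenticode signature from the vendor's
# own pinned signing certificate. $ExpectedThumbprint is a placeholder the
# vendor would replace with the SHA-1 thumbprint of its real code-signing cert.
function Test-UpdatePackageSignature {
    param(
        [Parameter(Mandatory)] [string] $PackagePath,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )

    $sig = Get-AuthenticodeSignature -FilePath $PackagePath

    # Status covers NotSigned, HashMismatch (tampered after signing),
    # UnknownError (untrusted chain), etc. Only 'Valid' is acceptable.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Rejected $PackagePath - signature status: $($sig.Status)"
        return $false
    }

    # A valid signature alone is not enough: any code-signing certificate
    # trusted by Windows would pass. Pin the signer to the vendor's own cert.
    $actual = $sig.SignerCertificate.Thumbprint
    if ($actual -ne $ExpectedThumbprint) {
        Write-Warning "Rejected $PackagePath - signed by $actual, expected $ExpectedThumbprint"
        return $false
    }

    return $true
}

function Invoke-VerifiedUpdate {
    param(
        [Parameter(Mandatory)] [string] $PackagePath,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )
    if (Test-UpdatePackageSignature -PackagePath $PackagePath -ExpectedThumbprint $ExpectedThumbprint) {
        # Only reached when the package is intact and signed by the pinned vendor cert.
        Start-Process -FilePath $PackagePath -Wait
    } else {
        # Do not fall back to running an unverified package; surface the failure instead.
        Write-Error "Update aborted: $PackagePath failed signature verification"
    }
}

# Placeholder values (constructed for this example); replace with real ones.
Invoke-VerifiedUpdate -PackagePath 'C:\Updates\editor-update.exe' `
    -ExpectedThumbprint 'PLACEHOLDER_VENDOR_CERT_THUMBPRINT'
```

Pinning the thumbprint is what distinguishes "signed by us" from "signed by anyone Windows trusts", which is the gap an attacker who controls the update channel would otherwise exploit.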