Stories
Slash Boxes
Comments

SoylentNews is people

Microsoft Discovers Supply Chain Attack at Unnamed Maker of PDF Software

posted by chromas on Saturday July 28 2018, @04:20AM   Printer-friendly
from the too-small-to-be-named dept.

MrPlow writes:

Submitted via IRC for BoyceMagooglyMonkey

Microsoft said today that hackers compromised a font package installed by a PDF editor app and used it to deploy a cryptocurrency miner on users' computers.

The OS maker discovered the incident after its staff received alerts via the Windows Defender ATP, the commercial version of the Windows Defender antivirus.

Microsoft employees say they investigated the alerts and determined that hackers breached the cloud server infrastructure of a software company providing font packages as MSI files. These MSI files were offered to other software companies.

One of these downstream companies was using these font packages for its PDF editor app, which would download the MSI files from the original company's cloud servers during the editor's installation routine.

[...] Microsoft did not reveal the names of the two software companies involved in this incident. The OS maker says the compromise lasted between January and March 2018, and affected only a small number of users, suggesting the hacked companies aren't big names on the PDF software market.

Indicators of compromise are available in Microsoft's report on the attack, here.

Source: https://www.bleepingcomputer.com/news/security/microsoft-discovers-supply-chain-attack-at-unnamed-maker-of-pdf-software/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Microsoft Discovers Supply Chain Attack at Unnamed Maker of PDF Software | Log In/Create an Account | Top | 8 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Saturday July 28 2018, @10:06AM (2 children)

    by Anonymous Coward on Saturday July 28 2018, @10:06AM (#713957)

    Either a public facing system could sign packages, or the packages were unsigned.

    In either case the company, and all those downstream in the case of unsigned packages, should be named and shamed.

  • (Score: 0) by Anonymous Coward on Saturday July 28 2018, @10:50AM (1 child)

    by Anonymous Coward on Saturday July 28 2018, @10:50AM (#713964)

    From TFA:

    Security researchers said it was easy to identify which MSI font package was the malicious one because all other MSI files were signed by the original software company, except one file, which lost its authenticity when crooks injected the coinminer code inside it.

    • (Score: 0) by Anonymous Coward on Saturday July 28 2018, @11:32AM

      by Anonymous Coward on Saturday July 28 2018, @11:32AM (#713970)

      Lameness filter encountered. Post aborted!
      Filter error: Missing Comment.