Andy Greenberg reports:
Every software supply chain attack, in which hackers corrupt a legitimate application to push out their malware to hundreds or potentially thousands of victims, represents a disturbing new outbreak of a cybersecurity scourge. But when that supply chain attack is pulled off by a mysterious group of hackers, abusing a Microsoft trusted software model to make their malware pose as legitimate, it represents a dangerous and potentially new adversary worth watching.
Today, researchers on the Threat Hunter Team at Broadcom-owned security firm Symantec revealed that they’d detected a supply chain attack carried out by a hacker group that they’ve newly named CarderBee.
Read more at WIRED.