Microsoft Warns Users of Cyber Attacks on Windows Software Update System
Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack
Earlier this week, the research team that is part of the Windows Defender Advanced Threat Protection system detected several attacks being carried out against the update system of a software product whose name has not yet been revealed. All that is known about the software is that it is a well-known editing application and that its creator or vendor also experienced attacks.
The consequences of the attack: It is said that the attackers, by hacking the software update system, were able to gain remote access to certain targeted computers. They were then able to execute malware without the victim knowing about the infection.
How the attack was carried out: Microsoft’s researchers said that the attackers used PowerShell scripts combined with the Meterpreter reverse shell. This allowed them to silently infiltrate the target, so the victim was not aware that his or her system was being hacked. Similar techniques are also said to have been used previously in some high-profile attacks whose targets were highly valuable systems.
Victims of previous attacks include Altair Technologies’ EvLog update process; SimDisk, which is an automatic update system for the South Korean software; and the update server of ESTsoft’s ALZip compression application.