Jewelbug APT Targets IT Firm in Supply Chain Attack

A five-month-long intrusion against an IT service provider in a partner nation has been attributed to a state-linked threat actor tracked as Jewelbug. The espionage campaign gave the attackers access to code repositories and software build systems, creating the potential for a widespread supply chain attack against the firm's customers. To remain undetected, the group exfiltrated data to a popular local cloud service and used legitimate system tools such as the Microsoft Console Debugger. This incident is part of a broader campaign by Jewelbug, which has also targeted government and technology entities in other regions with an evolving toolset, including a new backdoor that uses the Microsoft Graph API for command-and-control. The group's focus on IT service providers and its use of stealthy techniques highlight its sophisticated capabilities and long-term espionage objectives.

Latest mentioned: 10-15
Earliest mentioned: 10-15