The issue tracked as UTG-Q-003 is a supply-chain poisoning of 7ZIP on the Microsoft App Store. The incident has been investigated and reported by several cybersecurity sources:
QiAnXin Threat Intelligence Center's discovery: The QiAnXin Threat Intelligence Center found that attackers were using 7ZIP on the Microsoft App Store to deliver malware. On the endpoint, they identified the WindowsPackageManagerServer process as the one that ultimately triggered Lumma Stealer, an unusual execution chain.
Lumma Stealer and 7z-soft malware involvement: The group behind this attack is associated with Lumma Stealer and the 7z-soft malware. These malicious programs evaded detection for more than a year and are currently under investigation by Microsoft.
Undetected Lumma Stealer initiation: During routine endpoint operations, the QiAnXin Threat Intelligence Center observed unusual behaviour: a process named WindowsPackageManagerServer, through a complex chain of operations, eventually launched Lumma Stealer, which had gone undetected.
The case shows that a trusted platform such as the Microsoft App Store can be abused to distribute malware, which underlines the need for vigilant security practice and continuous monitoring of the software supply chain. For further details, consult the sources listed below or other security news and analysis outlets.
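As an added example (not code from the post or from QiAnXin's report), a small Python hunt over constructed process-creation events: it flags any process whose ancestry leads back to WindowsPackageManagerServer.exe and that runs from outside trusted directories, and separately any process whose SHA1 matches the hash in the IoC list below. The event schema, the expected-child allowlist and the sample paths are assumptions made for the example.

```python
from dataclasses import dataclass

WINGET_HOST = "windowspackagemanagerserver.exe"
IOC_SHA1 = {"2dadce72fa8391be6cdd1d4de494f7b2bfdbf0d3"}  # SHA1 from the post's IoC list
# Images the package-manager host is routinely expected to launch (assumption; tune per environment).
EXPECTED_CHILDREN = {"msiexec.exe", "conhost.exe", "werfault.exe"}
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

@dataclass
class ProcEvent:          # assumed minimal process-creation event schema
    pid: int
    ppid: int
    image: str            # full image path
    sha1: str             # hex digest of the image

def _name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def descends_from_winget(ev: ProcEvent, by_pid: dict) -> bool:
    """Walk parents to the root; True if any ancestor is the winget host process."""
    seen = set()
    cur = by_pid.get(ev.ppid)
    while cur and cur.pid not in seen:     # seen-set guards against pid reuse loops
        seen.add(cur.pid)
        if _name(cur.image) == WINGET_HOST:
            return True
        cur = by_pid.get(cur.ppid)
    return False

def hunt(events) -> list:
    """Return (pid, reason) pairs for events worth a closer look."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if e.sha1.lower() in IOC_SHA1:
            hits.append((e.pid, "sha1 matches published IoC"))
        elif descends_from_winget(e, by_pid):
            name, low = _name(e.image), e.image.lower()
            if name not in EXPECTED_CHILDREN and not low.startswith(TRUSTED_DIRS):
                hits.append((e.pid, "untrusted-path process descends from winget host"))
    return hits

# Constructed sample: one benign installer child, one chain ending in an AppData binary.
SAMPLE = [
    ProcEvent(100, 1, r"C:\Windows\System32\svchost.exe", "aa"),
    ProcEvent(200, 100, r"C:\Program Files\WindowsApps\AppInstaller\WindowsPackageManagerServer.exe", "bb"),
    ProcEvent(300, 200, r"C:\Windows\System32\msiexec.exe", "cc"),
    ProcEvent(400, 200, r"C:\Users\u\AppData\Local\Temp\setup.exe", "dd"),
    ProcEvent(500, 400, r"C:\Users\u\AppData\Roaming\upd\svc.exe", "2dadce72fa8391be6cdd1d4de494f7b2bfdbf0d3"),
]
```

Running `hunt(SAMPLE)` returns hits for pid 400 (untrusted path under the winget host) and pid 500 (hash match); the msiexec child is left alone.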
IoC
SHA1
- 2dadce72fa8391be6cdd1d4de494f7b2bfdbf0d3
REFERENCES
- https://cybersecuritynews.com/malicious-7zip-on-microsoft-app-store/
- https://www.securitricks.com/utg-q-003-supply-chain-poisoning-of-7zip-on-the-microsoft-app-store-tuesday-december-12-2023/
- https://ti.qianxin.com/blog/articles/UTG-Q-003-Supply-Chain-Poisoning-of-7ZIP-on-the-Microsoft-App-Store-EN/
- https://otx.alienvault.com/pulse/657898bb7319baba70af7f94