Saturday, December 16, 2023

UTG-Q-003: Supply Chain Poisoning of 7ZIP on the Microsoft App Store

The issue known as UTG-Q-003 involves the supply chain poisoning of 7ZIP on the Microsoft App Store. This incident has been investigated and reported by various cybersecurity sources:

QiAnXin Threat Intelligence Center's Discovery: The QiAnXin Threat Intelligence Center found that attackers were abusing 7ZIP on the Microsoft App Store to deliver and spread malware. They traced the infection to the WindowsPackageManagerServer process triggering Lumma Stealer, an unusual infection chain on the endpoint.

Lumma Stealer and 7z-soft Malware Involvement: The group behind this attack is associated with the Lumma Stealer and 7z-soft malware. These malicious programs evaded detection for more than a year and are currently under investigation by Microsoft.

Undetected Lumma Stealer Initiation: The QiAnXin Threat Intelligence Center observed unusual behavior during routine endpoint operations. A process named WindowsPackageManagerServer, through a complex chain of operations, eventually launched Lumma Stealer, which had gone undetected until then.

This incident shows that trusted distribution platforms such as the Microsoft App Store can be abused to deliver malware, which underlines the need for vigilant security practices and continuous monitoring of software supply chains. For further details, consult the sources listed below or additional cybersecurity news and analysis platforms.

IoC

HOSTNAME

  • nvzz.skitech.top
  • ntu.trainlove.monster
  • ntop.toppe.top
  • ntak.soydet.top
  • nsec.estimate.top
  • nop.topina.top
  • nnoo.egogol.top
  • nmy.gusel.mom
  • nkar.azwin.top
  • njjj.ustrun.top
  • nhi.salam.monster
  • nh2o.activebuy.top
  • ngry.gendalf.top
  • nexe.foxpro.top

HOSTNAME

  • nrosaryconbo.fun
  • nplengreg.fun
  • nmazerah.fun
  • nimagefilestorage.top
  • nhowlcars.fun
  • nhawsteamjoak.fun

SHA1

  • 2dadce72fa8391be6cdd1d4de494f7b2bfdbf0d3
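The hostname and SHA1 indicators above are only useful once they are matched against local telemetry. The following Python is an added example, not code from the report or from QiAnXin: it loads the indicators listed on this page, scans a constructed DNS resolver log (the log format is assumed) for queries that equal an indicator or are a subdomain of one, and compares a constructed list of file hashes, as an EDR inventory might export them, against the SHA1 indicator.

```python
import hashlib

# Hostname and SHA1 indicators exactly as listed in the IoC section above.
IOC_HOSTNAMES = {
    "nvzz.skitech.top", "ntu.trainlove.monster", "ntop.toppe.top",
    "ntak.soydet.top", "nsec.estimate.top", "nop.topina.top",
    "nnoo.egogol.top", "nmy.gusel.mom", "nkar.azwin.top",
    "njjj.ustrun.top", "nhi.salam.monster", "nh2o.activebuy.top",
    "ngry.gendalf.top", "nexe.foxpro.top",
    "nrosaryconbo.fun", "nplengreg.fun", "nmazerah.fun",
    "nimagefilestorage.top", "nhowlcars.fun", "nhawsteamjoak.fun",
}
IOC_SHA1 = {"2dadce72fa8391be6cdd1d4de494f7b2bfdbf0d3"}

# Constructed sample DNS resolver log; the format (timestamp, client, qname,
# qtype) is an assumption, not a real product's output.
SAMPLE_DNS_LOG = """\
2023-12-12T09:58:01Z 10.20.0.15 www.microsoft.com A
2023-12-12T09:58:07Z 10.20.0.15 nvzz.skitech.top A
2023-12-12T09:58:09Z 10.20.0.15 cdn.nmy.gusel.mom A
2023-12-12T09:58:11Z 10.20.0.42 skitech.top A
2023-12-12T09:58:12Z 10.20.0.42 NHOWLCARS.FUN. AAAA
"""

# Constructed sample of (path, sha1) pairs; paths and the first digest are made up,
# the second digest is the indicator from this page written in upper case.
SAMPLE_FILE_HASHES = [
    (r"C:\Program Files\7-Zip\7z.exe", "0" * 40),
    (r"C:\Users\Public\downloaded_setup.exe",
     "2DADCE72FA8391BE6CDD1D4DE494F7B2BFDBF0D3"),
]


def hostname_matches(hostname: str) -> bool:
    """True if hostname is an indicator or a subdomain of one.

    Comparison ignores case and a trailing dot; a parent domain of an
    indicator (e.g. skitech.top for nvzz.skitech.top) is NOT a match.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in IOC_HOSTNAMES for i in range(len(labels)))


def scan_dns_log(log_text: str) -> list:
    """Return (timestamp, client, normalised qname) for each query hitting an indicator."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        ts, client, qname = fields[0], fields[1], fields[2]
        if hostname_matches(qname):
            hits.append((ts, client, qname.lower().rstrip(".")))
    return hits


def scan_file_hashes(entries) -> list:
    """Return paths whose reported SHA1 matches an indicator; hex case is normalised."""
    return [path for path, digest in entries if digest.lower() in IOC_SHA1]


def sha1_hex(data: bytes) -> str:
    """SHA1 of in-memory bytes, for hashing a file read locally before lookup."""
    return hashlib.sha1(data).hexdigest()


if __name__ == "__main__":
    for ts, client, qname in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"DNS hit: {ts} {client} -> {qname}")
    for path in scan_file_hashes(SAMPLE_FILE_HASHES):
        print(f"Hash hit: {path}")
```

Matching on subdomains catches hosts under a listed indicator that were not themselves listed, while deliberately not flagging the registrable parent domain, since the page lists specific hostnames rather than whole domains.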

REFERENCES

  • https://cybersecuritynews.com/malicious-7zip-on-microsoft-app-store/#:~:text=Cybersecurity%20researchers%20at%20QiAnXin%20Threat,in%20a%20unique%20endpoint%20twist
  • https://www.securitricks.com/utg-q-003-supply-chain-poisoning-of-7zip-on-the-microsoft-app-store-tuesday-december-12-2023/#:~:text=UTG,currently%20being%20investigated%20by%20Microsoft
  • https://ti.qianxin.com/blog/articles/UTG-Q-003-Supply-Chain-Poisoning-of-7ZIP-on-the-Microsoft-App-Store-EN/
  • https://otx.alienvault.com/pulse/657898bb7319baba70af7f94
