Suspected Chinese hackers tampered with widely used customer chat program
ETtech

The scope and scale of the hack was not immediately clear. In a message, Comm100 said it had fixed its software earlier Thursday and that more details would soon be forthcoming. The company did not immediately respond to follow-up requests for information.

Suspected Chinese hackers tampered with widely used software distributed by a small Canadian customer service company, another example of a “supply chain compromise” made infamous by the hack on U.S. networking company SolarWinds.
U.S. cybersecurity firm CrowdStrike said in a blog post it had discovered malicious software being distributed by Vancouver-based Comm100, which provides customer service products, such as chat bots and social media management tools, to a range of clients around the globe.
The scope and scale of the hack was not immediately clear. In a message, Comm100 said it had fixed its software earlier Thursday and that more details would soon be forthcoming. The company did not immediately respond to follow-up requests for information.
CrowdStrike researchers believe the malicious software was in circulation for a couple of days but would not say how many companies had been affected, divulging only that “entities across a range of industries” were hit. A person familiar with the matter cited a dozen known victims, although the actual figure could be much higher.
Comm100 on its website said it had more than 15,000 customers in some 80 countries.
CrowdStrike executive Adam Meyers said in a telephone interview that the hackers were suspected to be Chinese, citing their patterns of behavior, language in the code, and the fact that one victim had repeatedly been targeted by Chinese hackers in the past.
The Chinese government rejected the claim. In an email, Chinese Embassy spokesperson Liu Pengyu said officials in Beijing “firmly oppose and crack down on all forms of cyber hacking in accordance with the law” and that the United States “has been loudly active in fabricating and spreading lies about so-called ‘Chinese hackers.'”
Supply chain compromises – which work by tampering with widely used enterprise software to hack its clients downstream – have been of increasing concern since alleged Russian hackers broke into Texas IT management firm SolarWinds Corp and used it as a springboard to hack U.S. government agencies and a host of private firms.
Meyers, whose firm was among those that responded to the SolarWinds hack, said the Comm100 find was a reminder that other nations used the same techniques.
“China is engaging in supply chain attacks,” he said.

NEWS RELATED

How to protect your business from financial crime

As more and more of modern life goes online, so too does sensitive data. For businesses, the protection of that data is tantamount to ensuring longevity and health. However, it is only getting more difficult to protect sensitive data from financial crime, due in large part to the overwhelming ...

View more: How to protect your business from financial crime

Stay vigilant: How cloud interconnectivity is amplifying the effects of mobile phishing

As businesses and users around the world become increasingly connected through mobile cloud-based platforms and services, cybercriminals are devising phishing strategies that specifically exploit these connections. One example was the recent attack on cloud communications company Twilio that led to a series of security breaches. Attackers first gained access to ...

View more: Stay vigilant: How cloud interconnectivity is amplifying the effects of mobile phishing

Become an ethical hacker with this ten-course certification bundle

As new challenges emerge in the cybersecurity space, IT professionals are increasingly expected to have ethical hacking as part of their core skill sets. The 2023 Complete Cyber Security Ethical Hacking Certification Bundle offers ten courses to build your skills, and right now, you can get it for less ...

View more: Become an ethical hacker with this ten-course certification bundle

Your iPhone may be collecting more personal data than you realize

WordPress › Error There has been a critical error on this website. Learn more about troubleshooting WordPress.

View more: Your iPhone may be collecting more personal data than you realize

Update Windows now — Microsoft just fixed several dangerous exploits

Microsoft has just released a new patch, and this time around, the update comes with fixes for several dangerous and actively abused vulnerabilities and exploits in Windows. A total of 68 vulnerabilities were addressed in the patch, many of them critical. Here’s what was fixed and how to make sure ...

View more: Update Windows now — Microsoft just fixed several dangerous exploits

Launch a career with a $34.99 lifetime deal to StackSkills platform

If you don’t have a lot to be thankful for this year, here’s one idea: Set yourself up for success next year. All it takes is a little motivation and some training in a marketable skill. And while the motivation is up to you, the training just got a ...

View more: Launch a career with a $34.99 lifetime deal to StackSkills platform

Data Protection Bill | A step closer to a dedicated data protection framework

Representational image The Draft Digital Personal Data Protection Bill, 2022 comes on the heels of the Personal Data Protection Bill, 2019 being withdrawn from Parliament. The draft Bill is a culmination of several rounds of discussions with and within the Ministry of Electronics and Information Technology. The current version has been ...

View more: Data Protection Bill | A step closer to a dedicated data protection framework

Microsoft Security: Hackers Could Target Forgotten Open Source Server to Breach Systems

Microsoft Threat Intelligence Center is warning the abandoned OSS Boa server could have vulnerabilities that attackers can exploit.

View more: Microsoft Security: Hackers Could Target Forgotten Open Source Server to Breach Systems

The Black Friday 2022 Security, IT, VPN, & Antivirus Deals

Holiday Online Shopping Tips: How to Avoid Internet Frauds, as per Cybersecurity Experts

Black Friday Scam is Everywhere: Here's How to Protect Yourself During his Shopping Occasion

5 new technologies could turn our world into scary, real-life ‘Peripheral’

The Cyber Monday 2022 Security, IT, VPN, & Antivirus Deals

Hackers’ Cyber Monday deals will be unbelievably good

Computer crash causes chaos at Brooklyn hospitals network with ties to Hochul

MIT Policy Hackathon produces new solutions for technology policy challenges

Noname Security appoints Nextgen as Philippines distributor

Selangor forms cyber response team to combat cybercrime

'Quiet Quitting' Employees Opens Cybersecurity Risks For Companies

Google Project Zero Finds OEMs Have Not Patched Major Vulnerability

OTHER NEWS

Breaking thailand news, thai news, thailand news Verified News Story Network