Dec. 13, 2017
Bros… I didn't realize this was a supply-chain attack. It's hard to put in words how bad this is.
To non-tech anons, this is absolute pwnage - basically complete persistence with low chance of detection. Imagine you compromise a company with some popular software and then have the ability to ship (send out) malware disguised as software updates. The challenge would have been getting the data out undetected.
This is similar to what happened with CCleaner years ago, where attackers were distributing malware via CCleaner software updates. The malware was signed and trusted by the OS as having come from the legitimate source.
Will be very interested to know how long they've had persistent access to possibly thousands of gov/corp servers.
https://boards.4chan.org/pol/thread/296563090/happening-happened-entire-government-hacked
https://i.4cdn.org/gif/1607917610527.webm