Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
China Security

Suspected Chinese Hackers Tampered With Widely Used Canadian Chat Program, Researchers Say (reuters.com) 11

Posted by msmash from the closer-look dept.
Suspected Chinese hackers tampered with widely used software distributed by a small Canadian customer service company, another example of a "supply chain compromise" made infamous by the hack on U.S. networking company SolarWinds. From a report: U.S. cybersecurity firm CrowdStrike will say in an upcoming blog post seen by Reuters that it had discovered malicious software being distributed by Vancouver-based Comm100, which provides customer service products, such as chat bots and social media management tools, to a range of clients around the globe. The scope and scale of the hack wasn't immediately clear. In a message, Comm100 said it had fixed its software earlier Thursday and that more details would soon be forthcoming. The company did not immediately respond to follow-up requests for information. CrowdStrike researchers believe the malicious software was in circulation for a couple of days but wouldn't say how many companies had been affected, divulging only that "entities across a range of industries" were hit.
This discussion has been archived. No new comments can be posted.

Suspected Chinese Hackers Tampered With Widely Used Canadian Chat Program, Researchers Say More

Suspected Chinese Hackers Tampered With Widely Used Canadian Chat Program, Researchers Say

Comments Filter:
  • The one that inserts the "eh" at the end of every sentence?

  • CrowdStrike will say in an upcoming blog post seen by Reuters

    what exactly does this mean? CrowdStrike PR department did a Press Release for the Press Release?

    • No, Reuters hacked Crowdstrike and gained access to their "My Documents" folder.
    • It means the blogger for Crowdstrike is so unsure of them self that they had Reuters proofread it in return for Reuters having an exclusive first look.

      Crowdstrike PR shouldn't be near this since the news is actually about another company (Comm100).
  • https://www.crowdstrike.com/bl... [crowdstrike.com]
    it reads a bit like a sales pitch. It appears crowdstrike had some sort of automated system that detected malicious activity. Likely the download of additional payloads or the malicious modification of notepad.exe. The catching of the malicious code does seem impressive. I'm not sure how a supply chain attack can affect software unless everyone regularly uses untrusted node.js code.

Slashdot Top Deals

E = MC ** 2 +- 3db

Close