Supply chain, Malware
Novel Carderbee supply chain attack impacts Asian organizations
Organizations across Asia, especially in Hong Kong, have been targeted by a software supply chain attack by the newly discovered Carderbee hacking operation that commenced in April, CyberScoop reports.
Attackers have leveraged a Cobra DocGuard software update file to facilitate the delivery of the Korplug malware, also known as PlugX, to nearly 100 computers across various organizations, according to a report from the Symantec Threat Hunter Team. Researchers said sophisticated threat actors are believed to be behind the supply chain attack because signed malware was used to conceal malicious activity.
"The Korplug back door is usually used by China-linked APT groups. In addition to this, the targeting is in line with what we've seen from China-linked groups in the past. As stated in the blog there are also some similarities between this activity and previous activity carried out by the Budworm (aka APT27) group," said Symantec Senior Intelligence Analyst Brigid Gorman.