Malware that creates rogue administrator accounts has been injected into five WordPress plugins with more than 30,000 cumulative downloads, as part of a software supply chain attack that began on Friday.
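A check a site operator would want after reading the item above is to list every account whose WordPress capabilities include administrator and compare it against the admins they actually created. The following is an added example, not code from the original page or from WordPress or the plugin vendors: the SQL is what one would run against the site's MySQL wp_users and wp_usermeta tables, and an in-memory SQLite database with constructed rows stands in for the real database so it runs offline. The default "wp_" table prefix and the allowlist of known admin logins are assumptions.

```python
"""Find WordPress administrator accounts that are not on an operator allowlist.

Added example: the query is run here against an in-memory SQLite stand-in for
the site's MySQL database, populated with constructed rows.
"""
import sqlite3

# Assumption: default "wp_" table prefix. A custom prefix changes both the
# table names and the meta_key (it becomes "<prefix>capabilities").
ADMIN_QUERY = """
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered
"""


def list_admins(conn):
    """Return every account whose PHP-serialized capabilities grant 'administrator'."""
    return [
        {"id": row[0], "login": row[1], "email": row[2], "registered": row[3]}
        for row in conn.execute(ADMIN_QUERY)
    ]


def find_rogue_admins(conn, known_admins):
    """Return admins whose login is not in the operator-maintained allowlist."""
    known = {login.lower() for login in known_admins}
    return [a for a in list_admins(conn) if a["login"].lower() not in known]


def build_sample_db():
    """Constructed data resembling a compromised site: one legitimate admin,
    one editor, and one administrator account nobody created on purpose."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (
            ID INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (
            umeta_id INTEGER PRIMARY KEY, user_id INTEGER, meta_key TEXT, meta_value TEXT);
        INSERT INTO wp_users VALUES
            (1, 'siteowner', 'owner@example.com',  '2021-03-02 10:15:00'),
            (2, 'editor1',   'editor@example.com', '2022-07-19 08:00:00'),
            (3, 'wp_maint',  'maint@example.net',  '2024-06-21 23:41:07');
        INSERT INTO wp_usermeta VALUES
            (1, 1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
            (2, 2, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}'),
            (3, 3, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
            (4, 3, 'wp_user_level',   '10');
    """)
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    for rogue in find_rogue_admins(db, known_admins=["siteowner"]):
        print(f"unexpected administrator: {rogue['login']} <{rogue['email']}> "
              f"registered {rogue['registered']}")
```

Against a live site the same listing is available from WP-CLI with `wp user list --role=administrator`; the database query is useful when the application layer itself is suspect, since a backdoored plugin can hide accounts from the dashboard but not from the tables.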
After the polyfill.io domain changed hands, it was CNAMEd to polyfill.io[.]bsclink[.]cn, which allowed malicious code to be served that redirected visitors to a fake Google Analytics domain.
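Site owners affected by the item above need to find every page that still loads a script or stylesheet from the hijacked CDN. The following scanner is an added example, not code from the original page or from the polyfill.io project: it collects external resource URLs from an HTML document and flags any whose host is polyfill.io, bsclink.cn, or a subdomain of either (the two domains named in the item). The sample page is constructed for illustration.

```python
"""Flag HTML resources loaded from polyfill.io or bsclink.cn.

Added example with a constructed sample page; the two flagged domains come
from the incident description.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts equal to, or subdomains of, these suffixes are reported.
FLAGGED_SUFFIXES = ("polyfill.io", "bsclink.cn")


class ResourceCollector(HTMLParser):
    """Collect URLs the page loads executable or styling content from."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and ((tag == "script" and name == "src")
                          or (tag == "link" and name == "href")):
                self.urls.append(value)


def host_of(url):
    """Hostname of an absolute or protocol-relative URL; None for same-origin paths."""
    return urlsplit(url.strip()).hostname


def host_is_flagged(host):
    """True when host is one of the flagged domains or a subdomain of one.
    A suffix match alone would also catch e.g. notpolyfill.io, so the dot is required."""
    if not host:
        return False
    return any(host == s or host.endswith("." + s) for s in FLAGGED_SUFFIXES)


def find_flagged_resources(html):
    """Return the resource URLs in html that point at a flagged host."""
    collector = ResourceCollector()
    collector.feed(html)
    return [u for u in collector.urls if host_is_flagged(host_of(u))]


# Constructed sample: one polyfill.io tag among ordinary same-origin and
# third-party resources.
SAMPLE_PAGE = """<!doctype html>
<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src="//code.jquery.com/jquery-3.7.1.min.js"></script>
<script src="/static/app.js"></script>
</head><body>
<script>console.log("inline script, not fetched from a CDN");</script>
</body></html>
"""

if __name__ == "__main__":
    for url in find_flagged_resources(SAMPLE_PAGE):
        print("flagged resource:", url)
```

Subresource Integrity is not a fix here: the service tailored its response to the requesting User-Agent, so there was never a single hash to pin. Removing the tag, or pointing it at a mirror the site owner controls or trusts, is the remediation this check supports.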
Kaspersky has derided the sanctions as "unjustified and baseless," emphasizing that none of the sanctioned individuals are connected to Russian intelligence or military authorities.
Affected networks were immediately shut down to contain the intrusions, which officials said did not expose any classified data on satellite and rocket operations or national security.
Security professionals say the follow-up social engineering attacks against CDK's auto dealer customers are standard fare today, so companies must stay vigilant.