
ShadowPad exploit ‘one of the biggest’ APAC supply chain attacks

22 Aug 17

Malaysia’s Computer Emergency Response Team (MyCERT) has commented on what has been called one of the biggest known supply chain attacks which affected multiple software products in the NetSarang range.

Several recent builds of NetSarang's server management software were shipped with the 'ShadowPad' backdoor embedded in a legitimately signed library (nssock2.dll), so the tampered files passed the usual signature checks. The backdoor gives its operator remote access to the infected host and can download additional malware or steal confidential business data.

The backdoor appears to have hit victims with IP addresses originating in Malaysia, according to MyCERT. A statement from NetSarang says that the backdoor has been seen activated once in the wild, in Hong Kong.

“ShadowPad is an example of how dangerous and wide-scale a successful supply-chain attack can be. Given the opportunities for reach and data collection it gives to the attackers, most likely it will be reproduced again and again with some other widely used software component,” Kaspersky Labs researchers comment.

The victims downloaded the compromised software between July 18 and August 4, 2017, the MyCERT advisory says. NetSarang has since released clean builds of each product.

The builds carrying the backdoor are limited to:

•    Xmanager Enterprise 5.0 Build 1232
•    Xmanager 5.0 Build 1045
•    Xshell 5.0 Build 1322
•    Xftp 5.0 Build 1218
•    Xlpd 5.0 Build 1220

“To combat the ever-changing landscape of cyberattacks NetSarang has incorporated various methods and measures to prevent our line of products from being compromised, infected, or utilized by cyberespionage groups. Regretfully, the Build release of our full line of products on July 18th, 2017 was unknowingly shipped with a backdoor which had the potential to be exploited by its creator,” a statement from NetSarang says.

MyCERT recommends that all businesses using the affected builds stop using them immediately and apply the available updates.

“Users can update by going to Help -> Check for Updates directly in their client or download the latest Build from NetSarang website.”

The latest Builds are Xmanager Enterprise Build 1236, Xmanager Build 1049, Xshell Build 1326, Xftp Build 1222, and Xlpd Build 1224.

“NetSarang is committed to its users’ privacy and has incorporated a more robust system to ensure that never again will a compromised product be delivered to its users. NetSarang will continue to evaluate and improve our security not only to combat the efforts of cyber espionage groups around the world but also in order to regain the trust of its loyal user base.”

More generally, MyCERT advises users of this software to keep up with the vendor's latest security announcements and to follow best-practice security policies when deciding which updates to apply.

“We are working with Kaspersky Labs to further evaluate the exploit and will update our users with any pertinent information,” NetSarang concludes.
