Researchers Claim that Suspected Chinese Hackers Messed with a Popular Customer Chat Service
Suspected Chinese hackers tampered with widely used software distributed by a small Canadian customer service company
Washington: Suspected Chinese hackers tampered with widely used software distributed by a small Canadian customer service company, another example of a “supply chain compromise” best known for hacking into US networking company SolarWinds.
US cybersecurity firm CrowdStrike said in a blog post that it discovered malware distributed by Vancouver-based Comm100, which provides customer service products such as chatbots and social media management tools to a group of clients around the world. world.
The scope and extent of the breach were not immediately clear. In a message, Comm100 said it reviewed its software on Thursday and more details will be forthcoming soon. The company did not immediately respond to requests for tracking information.
CrowdStrike researchers believe the malware has been circulating for a few days but did not say how many companies were affected, only revealing that “entities in a variety of industries” were infected. A person familiar with the matter cited dozens of known victims, though the actual number may be much higher.
Adam Myers, CEO of CrowdStrike, said in a phone interview that the hackers are suspected to be Chinese, citing their behavior patterns, code language, and the fact that one of the victims has been repeatedly targeted by Chinese hackers in the past.
The Chinese government rejected this claim. In an email, Chinese embassy spokesman Liu Bingyu said officials in Beijing “firmly oppose and crack down on all forms of cyber hacking in accordance with law” and that the US called “Chinese hackers.” “.
Supply chain compromises, which operate by manipulating widely used enterprise software to hack their customers, have been a growing concern since suspected Russian hackers broke into Texas IT management company SolarWinds Corp and used them as a springboard. to infiltrate US government agencies and hosts. of private companies.
Myers, whose company was among the companies that responded to the SolarWinds attack, said Comm100’s discovery was a reminder that other countries have used the same technologies.
“China is involved in supply chain attacks,” he said.
Read More News Updates Visit our Site InsightFello.