JAKARTA - Chinese hackers suspected of damaging widely used software distributed by customer service companies in Canada, are another example of "supply chain hacking". This method became well-known for hacking US network company SolarWinds.
US cybersecurity company CrowdStrie said in a blog post that it had discovered malicious software distributed by Vancouver-based Comm100. The company provides customer service products, such as chat bots and social media management tools, to clients around the world.
The scope and scale of the hack are not clear yet. In a message, Comm100 said it had fixed its software Thursday morning, September 29 and more details would follow soon. The company did not immediately respond to a request for further information from Reuters.
CrowdStricte researchers believe the malicious software has been circulating for days but will not say how many companies have been affected. They only revealed that "entity in various industries" was affected. Someone familiar with the matter cited a dozen known victims, although the actual figure could be much higher.
Comm100 on its website says it has more than 15,000 subscribers in about 80 countries.
CrowdStric executive Adam Meyers said in a telephone interview that hackers were allegedly Chinese, citing their behavioral patterns, language in code, and the fact that one victim had repeatedly been targeted by Chinese hackers in the past.
The Chinese government rejected the claim. In an email, Chinese Embassy spokesman Liu Pengyu said officials in Beijing "firmly oppose and crack down on all forms of cyber hacking in accordance with the law" and that the United States is "very active in fabricating and spreading lies about what it calls 'China hackers.'"
Hacking the supply chain, which works by damaging the company's software, which is widely used to hack its downstream clients, has come to growing attention since alleged Russian hackers broke into Texas IT management firm SolarWinds Corp. They allegedly used it as a stepping stone to hack into US government agencies and a number of private companies.
Meyers, whose company was among those responding to the SolarWinds hack, said Comm100's findings were a reminder that other countries used the same technique.
"China was involved in the supply chain attack," he said.
The English, Chinese, Japanese, Arabic, French, and Spanish versions are automatically generated by the system. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)