SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Encryption
#
Encryption backdoor
#
Exploits
ShadowPad exploit ‘one of the biggest’ APAC supply chain attacks
Tue, 22nd Aug 2017
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor
Follow us

Malaysia's Computer Emergency Response Team (MyCERT) has commented on what has been called one of the biggest known supply chain attacks which affected multiple software products in the NetSarang range.

Several recent versions of NetSarang Server Management software were compromised by the ‘ShadowPad' exploit. The exploit is capable of allowing attackers to download additional malware or steal confidential business data.

The exploit seems to have hit victims with IP addressed originating in Malaysia, according to MyCERT. A statement from NetSarang says that the exploit has been spotted once in the wild in Hong Kong.

“ShadowPad is an example of how dangerous and wide-scale a successful supply-chain attack can be. Given the opportunities for reach and data collection it gives to the attackers, most likely it will be reproduced again and again with some other widely used software component,” comment Kaspersky Labs researchers.

The victims downloaded the compromised software between July 18 and August 4 this year, the MyCERT advisory says. NetSarang has released new versions of the software.

The products caught up in the backdoor are limited to:

•    Xmanager Enterprise 5.0 Build 1232 •    Xmanager 5.0 Build 1045 •    Xshell 5.0 Build 1322 •    Xftp 5.0 Build 1218 •    Xlpd 5.0 Build 1220

“To combat the ever-changing landscape of cyberattacks NetSarang has incorporated various methods and measures to prevent our line of products from being compromised, infected, or utilized by cyberespionage groups. Regretfully, the Build release of our full line of products on July 18th, 2017 was unknowingly shipped with a backdoor which had the potential to be exploited by its creator,” a statement from NetSarang says.

MyCERT recommends that all businesses who use the affected software to stop using them immediately and apply available patches.

“Users can update by going to Help -> Check for Updates directly in their client or download the latest Build from NetSarang website.

The latest Builds are Xmanager Enterprise Build 1236, Xmanager Build 1049, Xshell Build 1326, Xftp Build 1222, and Xlpd Build 1224.

NetSarang is committed to its users' privacy and has incorporated a more robust system to ensure that never again will a compromised product be delivered to its users. NetSarang will continue to evaluate and improve our security not only to combat the efforts of cyber espionage groups around the world but also in order to regain the trust of its loyal user base.

Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

“We are working with Kaspersky Labs to further evaluate the exploit and will update our users with any pertinent information,” NetSarang concludes.

Related stories
Understanding the key to boosting cybersecurity habits: Kaspersky study
Kaspersky illuminates LockBit ransomware group's advanced tactics
Cado Security unmasks Cerber ransomware threat to Confluence servers
Malwarebytes launches free Digital Footprint Portal to protect personal data
VIAVI introduces Post-Quantum Cryptography testing for secure future
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
i-PRO to support Genetec SaaS with new AI-enabled camera models
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services