Suspected Chinese hackers tampered with widely used customer chat program

Suspected Chinese hackers tampered with widely used software distributed by a small Canadian customer service company, another example of a “supply chain compromise” made infamous by the hack on U.S. networking company SolarWinds.

U.S. cybersecurity firm CrowdStrike said in a blog post it had discovered malicious software being distributed by Vancouver-based Comm100, which provides customer service products, such as chat bots and social media management tools, to a range of clients around the globe.

The scope and scale of the hack was not immediately clear. In a message, Comm100 said it had fixed its software earlier Thursday and that more details would soon be forthcoming. The company did not immediately respond to follow-up requests for information.

CrowdStrike researchers believe the malicious software was in circulation for a couple of days but would not say how many companies had been affected, divulging only that “entities across a range of industries” were hit. A person familiar with the matter cited a dozen known victims, although the actual figure could be much higher.

Comm100 on its website said it had more than 15,000 customers in some 80 countries.

CrowdStrike executive Adam Meyers said in a telephone interview that the hackers were suspected to be Chinese, citing their patterns of behavior, language in the code, and the fact that one victim had repeatedly been targeted by Chinese hackers in the past.

Discover the stories of your interest



The Chinese government rejected the claim. In an email, Chinese Embassy spokesperson Liu Pengyu said officials in Beijing “firmly oppose and crack down on all forms of cyber hacking in accordance with the law” and that the United States “has been loudly active in fabricating and spreading lies about so-called ‘Chinese hackers.'”

Supply chain compromises – which work by tampering with widely used enterprise software to hack its clients downstream – have been of increasing concern since alleged Russian hackers broke into Texas IT management firm SolarWinds Corp and used it as a springboard to hack U.S. government agencies and a host of private firms.

Meyers, whose firm was among those that responded to the SolarWinds hack, said the Comm100 find was a reminder that other nations used the same techniques.

“China is engaging in supply chain attacks,” he said.

Stay on top of technology and startup news that matters. Subscribe to our daily newsletter for the latest and must-read tech news, delivered straight to your inbox.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] The content will be deleted within 24 hours.