A new supply chain hack points to China
Hello, and welcome to WIRED Start: your weekly roundup of the most important stories, landing in your inbox every Monday. Don’t forget, you can get the very latest from WIRED with our daily newsletter. Sign up to receive it for free here.
This week Andy Greenberg takes a look at a disturbing new outbreak of a cybersecurity scourge: A group of hackers, who mostly targeted victims in Hong Kong, also hijacked Microsoft’s trust model to make their malware harder to detect.
A New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China
Every software supply chain attack, in which hackers corrupt a legitimate application to push out their malware to hundreds or potentially thousands of victims, represents a disturbing new outbreak of a cybersecurity scourge. But when that supply chain attack is pulled off by a mysterious group of hackers, abusing a Microsoft trusted software model to make their malware pose as legitimate, it represents a dangerous and potentially new adversary worth watching.
“Any time we see a software supply chain attack, it’s somewhat interesting. But in terms of sophistication, this is a cut above the rest”
Dick O'Brien, a principal intelligence analyst on Symantec's research team
Today, researchers on the Threat Hunter Team at Broadcom-owned security firm Symantec revealed that they'd detected a supply chain attack carried out by a hacker group that they've newly named CarderBee. According to Symantec, the hackers hijacked the software updates of a piece of Chinese-origin security software known as Cobra DocGuard, injecting their own malware to target about 100 computers across Asia, mostly in Hong Kong. Though some clues, like the exploitation of DocGuard and other malicious code they installed on victim machines, loosely link CarderBee with previous Chinese state-sponsored hacking operations, Symantec declined to identify CarderBee as any previously known group, suggesting it may be a new team.
Beyond the usual disturbing breach of trust in legitimate software that occurs in every software supply chain attack, Symantec says, the hackers also managed to get their malicious code—a backdoor known as Korplug or PlugX and commonly used by Chinese hackers—digitally signed by Microsoft. The signature, which Microsoft typically uses to designate trusted code, made the malware far harder to detect.
Read the full story here.
Get ahead with these recommended reads
A new analysis shows that “open source” AI tools like Llama 2 are still controlled by big tech companies in a number of ways, writes Will Knight. Read the full story here.
Garments that can be packed with ice or equipped with fans are becoming increasingly popular among workers exposed to high heat, writes Chris Baraniuk. Read the full story here.
So many people are nearsighted on the island nation that they have already glimpsed what could be coming for the rest of us, writes Amit Katwala. Read the full story here.
Bitcoin podcaster Peter McCormack bought his local nonleague soccer team. Can he really turn Real Bedford FC into a global sports brand? Joel Khalili finds out. Read the full story here.
Until next time
Thank you for reading! We'll be back next Monday with another WIRED Start.
And if you haven’t already, you can unlock unlimited access to WIRED’s content with a subscription.
CEO@ BONNER MUSIC LTD, LOGISTICS CONSULTANT @ ALL INCLUSIVE LOGISTICS LTD
1 year ago: @INCOGNITO VACATION STAY: @INCOGNITO VACATION STAY: www.incognitovacationstay.com, your place to stay while you're in Jamaica, ganja and wine, a good vibes.
Visual storyteller using pixels, vectors, and polygons
1 year ago: Unsubbed for silly propaganda.
HUMAN SERVICES PROFESSIONAL
1 year ago: COUNTERFEIT /THEFT. "NOTHING NEW HERE"
Sales Associate at American Airlines
1 year ago: Great opportunity
Next Trend Realty LLC./wwwHar.com/Chester-Swanson/agent_cbswan
1 year ago: Thanks for Sharing.