Quick intel drop. FireEye has reported that the DarkSide affiliate UNC2465 infiltrated the website of “CCTVSecurityPros” and injected malicious code into one of their software downloads. Below are the details.
- FireEye Article: https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html
- Joe Sandbox Report: https://www.joesandbox.com/analysis/432180/0/html
- Malware for those of you who want to perform your own analysis: https://github.com/obscuritylabs/UNC2465/tree/main/21JUN2021_supplychainattack