Chinese hackers have allegedly tampered with widely used software distributed by a small Canadian customer service company, in what cybersecurity experts see as another example of a “supply chain compromise,” which was made infamous by the hack on US networking company SolarWinds.
US cybersecurity firm CrowdStrike said in a blog post that it had discovered malicious software being distributed by Vancouver-based Comm100, which provides customer service products, such as chat bots and social media management tools, to a range of clients around the globe.
The scope and scale of the hack was not immediately clear.
Photo: REUTERS
In a message, Comm100 said it on Thursday fixed its software and that more details would be forthcoming.
CrowdStrike researchers believe the malicious software was in circulation for a couple of days, but would not say how many companies had been affected, divulging only that “entities across a range of industries” were hit.
A person familiar with the matter said a dozen firms are known to be affected, although the actual figure could be much higher.
Photo: AFP
CrowdStrike CEO Adam Meyers said that the hackers were suspected to be Chinese, citing their patterns of behavior, language in the code and that one affected firm had repeatedly been targeted by Chinese hackers in the past.
The Chinese government rejected the claim.
In an e-mail, Chinese embassy in the US spokesman Liu Pengyu (劉鵬宇) said officials in Beijing “firmly oppose and crack down on all forms of cyber hacking in accordance with the law” and that the US “has been loudly active in fabricating and spreading lies about so-called ‘Chinese hackers.’”
Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.
Source: https://www.taipeitimes.com/News/front/archives/2022/10/02/2003786276