Abstract

Few months back, the Windows Defender Advanced Threat Protection (Windows Defender ATP) research team noticed security alerts that captured an interesting attack pattern.

These alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology and financial organizations with possible intentions of a cyberespionage campaign.

An unknown attacker was taking advantage of a silent yet effective attack vector: the compromised update mechanism or software supply chain for a third-party editing tool. We would discuss the scenarios observed and how this vector is quite effective for larger enterprise / business.

I am a Security Analyst with Microsoft in Digital Security and Risk Engineering team with a total work experience of 8+ years dealing with Win Forensics, investigation and Security Ops.