At a glance.
- Iron Tiger's supply chain campaign.
- TikTok and national security.
- Shuckworm maintains its focus on Ukrainian targets.
- Killnet's DDoS and dubious proof-of-work.
Iron Tiger's supply chain campaign.
Trend Micro reported Friday that Iron Tiger, a state-run threat actor associated with China (also known as APT27, Emissary Panda, Bronze Union, and Luckymouse), has compromised the MiMi chat app with a view to attacking macOS systems. This is the first time, the researchers say, that the group has used this particular targeting.
"We noticed that a chat application named MiMi retrieved the rshell executable, an app we came across recently while investigating threat actor Earth Berberoka. We noticed Iron Tiger controlling the servers hosting the app installers of MiMi, suggesting a supply chain attack. Further investigation showed that MiMi chat installers have been compromised to download and install HyperBro samples for the Windows platform and rshell samples for the Mac OS platform. While this was not the first time the technique was used, this latest development shows Iron Tiger’s interest in compromising victims using the three major platforms: Windows, Linux, and macOS."
MiMi ("Secret") is designed for Chinese users, who represent the greater part of its clientele. Trend Micro found in the course of its investigation that "in this instance Iron Tiger compromised the server hosting the legitimate installers for this chat application for a supply chain attack." The targets of the campaign were in Taiwan and the Philippines.