It’s unclear how widespread the effects will be, but the choice to compromise customer service software seems significant.
Supply chain attack, possibly from Chinese intelligence services.
CrowdStrike warns that a suspected Chinese threat actor carried out a supply-chain attack by compromising a popular commercial chat product distributed by Vancouver-based customer service firm Comm100:
“Malware is delivered via a signed Comm100 installer that was downloadable from the company’s website. The installer was signed on September 26, 2022 at 14:54:00 UTC using a valid Comm100 Network Corporation certificate. CrowdStrike Intelligence can confirm that the Microsoft Windows 7+ desktop agent hosted at https[:]//dash11.comm100[.]io/livechat/electron/10000/Comm100LiveChat-Setup-win.exe that was available until the morning of September 29 was a trojanized installer. Comm100 has since released an updated installer (10.0.9).”
Scope of the effects of the Comm100 incident remains unclear.
It’s not yet clear how many entities downloaded the malicious installer, but Reuters says, “A person familiar with the matter cited a dozen known victims, although the actual figure could be much higher.” CrowdStrike adds that the “trojanized file was identified at organizations in the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe.” The Record notes that Comm100 says it has “more than 15,000 customers across 51 countries.”