Vendor Confirms Daemon Tools Supply Chain Attack Mitigated
Supply Chain Attack Hits Popular Digital Disc Utility
Disc Soft, the developer of popular digital disc utilities, has recently fallen victim to a sophisticated supply chain attack. Between April 8 and May 5, Chinese-speaking threat actors injected malicious code into various versions of Daemon Tools Lite, a free product offered by the company.
Attack Details
- The breach was confined to the free version of Daemon Tools Lite, specifically version 12.5.1.
- The attackers deployed a backdoor on approximately 10,000 infected machines.
- A second, more complex backdoor targeted a Russian educational institution.
Disc Soft emphasized that they are not attributing the incident to any specific third party, stating, “We are carefully reviewing all components of our infrastructure to ensure a complete and accurate understanding of what occurred.”
Prevention and Response
- Disc Soft plans to enhance its verification procedures to prevent similar incidents in the future.
- The company’s commitment to transparency and customer protection demonstrates their dedication to maintaining trust with users.
This incident serves as a reminder of the importance of robust security measures within software development and supply chains. Threat actors often exploit vulnerabilities in widely used applications to achieve their objectives, emphasizing the need for continuous vigilance and proactive countermeasures.
Related News
- Several high-profile companies have reported experiencing similar supply chain attacks in recent times.
- These incidents highlight the escalating risks associated with compromised software and the need for comprehensive security protocols across the board.
About Author
English