Over the last three years, supply chain attacks have hit at least six different companies, all linking back to a single group. Depending on which security firm you ask, the group is known as Barium, ShadowHammer, ShadowPad or Wicked Panda, Wired reports. The attacks follow a similar pattern: seeding infections out to victims, then sorting through them to find espionage targets. The attacks reportedly show the group's ability to disrupt computers on a vast scale and exploit vulnerabilities in the most basic trust model.
The group is more focused on spying than on destruction, Wired reports. However, its attacks leave people distrusting legitimate software updates and software vendors, or abandoning the system altogether.
"In terms of scale, this is now the group that is most proficient in supply chain attacks," Marc-Etienne Léveillé, a security researcher with ESET, tells Wired. "We’ve never seen anything like this before. It’s scary, because they have control over a very large number of machine
It appears that the group is only "spying" on a fraction of computers it compromises. In an attack against Asus computers earlier this year, the group only sought to target 600 computers out of the 600,000 it compromised.
It is unclear how the hackers are breaching all the companies whose software they hijack, but it is predicted that one supply chain attack enables another, Wired reports. Hackers may be refreshing a vast collection of compromised machines with interlinked supply chain hijackings, while simultaneously combing that collection for specific espionage targets.
The identity of the hackers still remains unknown, but researchers have noted that it is likely they live in mainland China, as some of their code includes Simplified Chinese artifacts. Regardless of its origin, though, the group appears to be stealthier in its attacks, hiding one supply chain attack within another.