A software update for Passwordstate, an enterprise password manager, was allegedly tampered with by a threat actor to infect the thousands of companies using it. Click Studios, the maker of Passwordstate, informed its customers that hackers had compromised Passwordstate’s update mechanism and used it to push an update containing malware to customers.
Passwordstate’s Infectious Update
Supply chain attacks are highly reliable and are the most complex attacks in the cybersecurity space. They involve targeting one element of an ecosystem (such as an internal employee), compromising that person’s credentials to gain access to the whole network, and ultimately impacting the organization’s clients.
They’re hard to detect and can cause extreme damage, since the attacker is well rooted in the network before the intrusion is noticed. One such attack was reported by Click Studios, where the update mechanism of its famous Passwordstate product was compromised for a supply chain attack.
The PasswordState password manager has been hacked and customers’ computers have been infected. The vendor is informing victims by e-mail. This password manager is “corporate”, so the problem will mainly affect companies… Ouch! (Information from Tajemniczy Pedro) pic.twitter.com/PGHhmEKpje — Niebezpiecznik (@niebezpiecznik) April 23, 2021