Kaspersky security researchers have detected a widespread supply chain attack involving a malicious backdoor planted within the Windows disc imaging software Daemon Tools, according to a TechCrunch report.
The Russian cybersecurity firm stated on Tuesday that data collected from computers worldwide running Kaspersky antivirus software reveals a "widespread" attack. The company has observed thousands of infection attempts and at least a dozen successful hacks following the installation of malicious versions of the software.
Analysis of the malware suggests the attackers belong to a Chinese-speaking group. The hackers used the backdoor to deploy additional malware onto computers across the manufacturing, scientific, and retail sectors, as well as government systems.
While the attack is widespread, Kaspersky noted that the breach of specific computers indicates a "targeted" effort. The company identified compromised organizations located in Russia, Belarus, and Thailand.
Researchers first detected the backdoor on April 8. The supply chain attack is currently "still active," meaning hackers can still distribute malware to any user running the compromised software, per Kaspersky.
Kaspersky has contacted Disc Soft, the developer of Daemon Tools, regarding the vulnerability. The company did not clarify if the developer has responded or initiated a patch to secure the software.