Hello, welcome to the Tuesday, March 26, 2019 edition of the San Antonio Stormsend, Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Madrid, Spain.

Supply chain attacks are, of course, a big topic these days.

And it looks like Kerserski came across a pretty massive supply chain attack affecting

AISIS.

AIS's life update utility apparently was backdoored and installed on probably more than a million

of AIS's customers.

Kaspersky itself detected it on 57,000 systems that were protected with Kaspersky anti-virus.

However, of course, that's only a subset of the total population of infected systems.

So, one million, I guess, is what Kasperssky extrapolated based on that sample of 57,000 victims that it detected directly.

The malicious utility was available from AIS's own website. It was signed with a valid AIS certificate.

So for the end user, there was absolutely no indication that anything went wrong.

And this AISIS Life Update Utility can of course install arbitrary software,

can also update the bias on AIS's laptops.

But this is not where sort of this story ends. Now even though a large number of

users were affected by this particular malicious update utility, it looks like only 600

specific systems were actually targeted by this system. So the attacker would have access

to millions of systems, but they picked 600 specific MAC addresses that were hard-coded into the utility that would then be targeted and subjected to malicious uploads.

Now, while AIS is the only victim mentioned in Kasperski's report.

They also say that there were three additional vendors

that were targeted by apparently the same technique. These vendors are not named yet, but

...