Canada
This article was added by the user . TheWorldNews is not responsible for the content of the platform.

Suspected Chinese hackers tampered with widely used Vancouver-based chat program: Researchers

Vancouver-based Comm100 said it had fixed its software earlier Thursday and that more details would soon be forthcoming.

Author of the article:

Reuters

Reuters

Raphael Satter and Christopher Bing

FILE PHOTO: A simple, very dark night time image of hands on an illuminated keyboard typing. Shady person wearing a hood at a computer or laptop in the dark.
FILE PHOTO: A simple, very dark night time image of hands on an illuminated keyboard typing. Shady person wearing a hood at a computer or laptop in the dark. Photo by Lincoln Beddoe /Getty Images/iStockphoto

WASHINGTON — Suspected Chinese hackers tampered with widely used software distributed by a small Canadian customer service company, another example of a “supply chain compromise” made infamous by the hack on U.S. networking company SolarWinds.

U.S. cybersecurity firm CrowdStrike said in a blog post that it had discovered malicious software being distributed by Vancouver-based Comm100, which provides customer service products, such as chat bots and social media management tools, to a range of clients around the globe.

Start your day with a roundup of B.C.-focused news and opinion delivered straight to your inbox at 7 a.m., Monday to Friday.

By clicking on the sign up button you consent to receive the above newsletter from Postmedia Network Inc. You may unsubscribe any time by clicking on the unsubscribe link at the bottom of our emails. Postmedia Network Inc. | 365 Bloor Street East, Toronto, Ontario, M4W 3L4 | 416-383-2300

The scope and scale of the hack wasn’t immediately clear. In a message, Comm100 said it had fixed its software earlier Thursday and that more details would soon be forthcoming. The company did not immediately respond to follow-up requests for information.

CrowdStrike researchers believe the malicious software was in circulation for a couple of days but wouldn’t say how many companies had been affected, divulging only that “entities across a range of industries” were hit. A person familiar with the matter said that there were a dozen known victims, although the true figure could be much higher.

Comm100 on its website said it had more than 15,000 customers in some 80 countries.

CrowdStrike executive Adam Meyers said in a telephone interview that the hackers involved were suspected to be Chinese, citing the hackers’ patterns of behavior, language in the code, and the fact that one of the hack’s victims had repeatedly been targeted by Chinese hackers in the past.

The Chinese Embassy in Washington did not immediately return messages seeking comment. Beijing regularly denies such allegations.

Supply chain compromises – which work by tampering with a widely used piece of software in order to hack its users downstream – have been of increasing concern since alleged Russian hackers broke into Texas IT management firm SolarWinds Corp and used it as a springboard to hack U.S. government agencies and a host of private firms.

Meyers – whose firm was among those that responded to the SolarWinds hack – said the Comm100 find was a reminder that other nations used the same techniques.

“China is engaging in supply chain attacks,” he said.

  1. Rohana Rezel is a Vancouver housing advocate and one-time candidate for city council.

    Daphne Bramham: QAnon tactics used by civic progressives to silence debate

  2. Posters plastered behind the podium outside the Balmoral Hotel in Vancouver for a Hastings Tent City news conference last month.

    Ian Mulgrew: Homelessness eliminated in Vancouver? Here’s how