En mystisk grupp hackare har attackerat underleverantörer och mjukvaru-utvecklare sedan flera år tillbaka för att försöka få stor spridning på olika typer av malware.

Gruppen misstänks ligga bakom åtminstone två större attacker riktade mot ASUS och CCleaner.

Over the past three years, supply chain attacks that exploited the software distribution channels of at least six different companies have now all been tied to a single group of likely Chinese-speaking hackers. They’re known as Barium, or sometimes ShadowHammer, ShadowPad, or Wicked Panda, depending on which security firm you ask. More than perhaps any other known hacker team, Barium appears to use supply chain attacks as their core tool. Their attacks all follow a similar pattern: Seed out infections to a massive collection of victims, then sort through them to find espionage targets.

Gruppen har spårats tillbaka till Kina.

Wired