What's Happening?
A Chinese state-sponsored threat actor, tracked as CL-STA-1009, has been using a malware family known as Airstalk in supply chain attacks. The malware targets business process outsourcing (BPO) entities, which have access to critical business systems within their clients' networks. Airstalk, which has variants written in PowerShell and .NET, abuses the AirWatch mobile device management (MDM) API to establish covert communication channels with its command-and-control servers. The malware is capable of stealing browser data and executing commands, posing a significant threat to the security of BPOs and their clients.
Why Is It Important?
The use of Airstalk malware in supply chain attacks highlights the vulnerabilities within BPOs, which serve as critical gateways to multiple target environments. These attacks can have widespread implications, potentially compromising sensitive data and disrupting operations across various industries. The ability of state-sponsored actors to maintain persistent access to these networks poses a significant challenge to cybersecurity efforts. Organizations relying on BPO services must enhance their security measures to protect against such sophisticated threats.
What's Next?
BPOs and their clients are encouraged to strengthen their cybersecurity protocols and conduct thorough assessments of their supply chain security. Collaboration with cybersecurity firms and government agencies may be necessary to identify and mitigate the risks posed by Airstalk and similar threats. Ongoing monitoring and threat intelligence sharing will be crucial in defending against these advanced persistent threats.