Is the Next NotPetya Already Here? Maybe, and Experts Are Worried

A worrisome new hacking operation is infecting software supply chains while going largely unnoticed.
By: Jared Shelly | May 15, 2019

Wired explains in detail: “By breaking into a developer’s network and hiding malicious code within apps and software updates that users trust, supply chain hijackers can smuggle their malware onto hundreds of thousands — or millions — of computers in a single operation, without the slightest sign of foul play. Now what appears to be a single group of hackers has managed that trick repeatedly, going on a devastating supply chain hacking spree — and becoming more advanced and stealthy as they go.”

Who are the hackers and what do they want?

The hackers go by Barium, ShadowHammer, ShadowPad, or Wicked Panda — and they appear to be from China, says Wired.

Reports also show the hackers are after espionage targets.

What are the experts saying?

Vitaly Kamluk, the director of the Asia research team for security firm Kaspersky, told Wired that “they’re poisoning trusted mechanisms” and that “they’re the champions of [supply chain hacks].”

Kamluk continued: “With the number of companies they’ve breached, I don’t think any other groups are comparable to these guys.

“When they abuse this mechanism, they’re undermining trust in the core, foundational mechanisms for verifying the integrity of your system. This is much more important and has a bigger impact than regular exploitation of security vulnerabilities or phishing or other types of attacks. People are going to stop trusting legitimate software updates and software vendors.”

If this reminds you of the 2017 NotPetya attack, it should.

The NotPetya cyber attack started in Ukraine, paralyzing major companies like Maersk, Mondelez, FedEx and Merck.

It caused more than $10 billion in damage. The United States and Britain blamed the Russian government for the attack.

Silas Cutler, a researcher at security startup Chronicle, told Wired the potential damages of the Barium attack could rival NotPetya.

“If [Barium] had deployed a ransomware worm like that through one of these attacks, it would be a far more devastating attack than NotPetya,” Cutler said.

Why isn’t the Barium hack causing more damage?

Two words: operational restraint.

In the attack on computer maker Asus, the group compromised some 600,000 computers but targeted only 600 of them. In the attack on the PC cleanup tool CCleaner, it infected 700,000 computers but targeted only 40.


“By all appearances, the group is casting its vast net to spy on only a tiny fraction of the computers it compromises,” said Wired.

To get a full, detailed picture of the 2017 attack, Wired’s cover story “The Untold Story of NotPetya, the Most Devastating Cyberattack in History” is a must-read. It explains how the NotPetya attack unfolded, how it was detected, and how a resilient team stopped the bleeding.

To learn about the scope of cyber attacks (which amounts to $1.5 trillion annually), check out this Risk & Insurance® article explaining why insurance professionals see cyber as the biggest single threat — above terrorism, financial crisis or environmental damage.

We also wrote about how the mainstream media’s coverage of cyber insurance is driving underwriters crazy, and why your business can’t afford not to have cyber coverage.

Jared Shelly is a journalist based in Philadelphia. He can be reached at [email protected].