More sophisticated XE Group attacks pose greater supply chain threat
![Red Skull Icon Formed From Binary Code on Computer Screen](https://image-optimizer.cyberriskalliance.com/unsafe/1920x0/https://files.cyberriskalliance.com/wp-content/uploads/2024/12/123124_ai_threat.jpg)
(Adobe Stock)
Threat operation XE Group, which mainly focused on credit card skimming intrusions when it emerged in 2013, has become a more formidable supply chain threat since its transition to more advanced zero-day attacks last year, reports CyberScoop. Aside from exploiting a pair of zero-day flaws in the VeraCore supply chain management software to compromise systems and configuration files and to maintain persistence, XE Group also moved to revive a webshell initially installed four years prior, according to a joint analysis by Intezer and Solis Security.

Other recent XE Group activity involved using stolen database credentials for malicious file uploads, and the group has expanded its attack arsenal to include PowerShell-based payload distribution and automated data theft tools. "These recent discoveries highlight that XE Group is not only active but evolving. The group's ability to exploit unknown vulnerabilities and sustain prolonged access to targeted systems reflects a significant shift in their operational strategy," said the report.