This site may contain outdated or incomplete information.
Operation Red
Attackers compromised the update server of a remote support solutions provider to deliver malicious updates to targeted organizations in South Korea. The malicious update was signed using a valid certificate stolen from the remote support solutions provider
Attackers first compromised the update server, then configured the server to only deliver malicious files if the client is located in the range of IP addresses of their target organizations.
Imapct
N/A
Type of compromise
It appears the attackers compromised the publishing infrastructure, as well as signing keys for updates.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.