ultraedit
UltraEdit update mechanism abused in Operation WilySupply
Microsoft disclosed WilySupply on 2017-05-04, describing a targeted supply-chain attack that abused an unnamed editor's auto-update channel to deliver a tiny ue.exe dropper to roughly 25 finance and payments organizations. The vendor was not named, but community evidence points most strongly to UltraEdit; that attribution remains circumstantial.
- Date: 2017-04-13 to 2017-04-14
- Category: Commercial
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Backdoor
- Cause: Update infrastructure compromise
What Was Affected
Package: ultraedit
Language: c++
Component: Application
Artifact type: binary archive
Domain type: vendor
Domain: ultraedit.com
Incident Context
- Motive: Espionage
- Attribution: Unknown attacker
- Transitive: No
- User Impact: 25
- Observed Duration: 1 day
External References
- microsoft.com/en-us/security/blog/2017/05/04/windows-defender-atp-thwarts-operation-wilysupply-software-supply-chain-cyberattack
- theregister.com/2017/05/04/microsoft_unsupply_chain_attack
- bleepingcomputer.com/news/security/microsoft-stops-targeted-malware-attack-distributed-via-software-supply-chain
Source Data
Source record: proprietary/ultraedit/meta.yaml