
vestacp

Incident Summary

VestaCP build system compromise inserted remote backdoor

Attackers compromised infrastructure belonging to the Vesta Control Panel project, which let them inject malicious code into the update scripts or packages delivered to users. The injected code ran commands on affected servers, harvested server passwords (including the VestaCP admin and FTP passwords), and sent the stolen data to an attacker-controlled server.

Date
2018-06-01 to 2018-06-12
Category
Open Source
Target Surface
Distribution
Insertion Phase
Distribution
Impact
Data Exfiltration
Cause
Compromised Infrastructure

What Was Affected

Package
vestacp
Language
Shell
Component
Daemon
Artifact type
source archive
Domain type
project download host
Domain
vestacp.com

Compromised Versions

  • All versions receiving updates during the compromise window

Incident Context

Motive
Credential Theft
Attribution
Cybercriminal Gang
Observed Duration
11 days

Evidence

Compromised Artifacts

Current Artifacts and Analysis

Indicators and Changes

Hashes

  • sha256:b9f1ffcbaf887c8ec4eb260ae1fdc25b07f4849d194388eee0707f9bf23c1bca
  • md5:35e9334ae8aef10c4a97e7cc90ff964d

External References

Source Data

Source record: oss/vestacp/meta.yaml