Exposing Chat Apps Exploited for Supply Chain Attacks | WhoisXML API

Threat Reports

Exposing Chat Apps Exploited for Supply Chain Attacks

The popularity of chat apps surged during the pandemic when companies had to turn to remote work to remain productive despite government-imposed lockdowns. The increased usage hasn’t died down post-pandemic since many organizations opted to make the hybrid work setup permanent.

Amid that backdrop, therefore, it’s not surprising for threat actors to trail their sights on vulnerable business chat apps to instigate destructive supply chain attacks. Trend Micro recently published a technical analysis related to this threat, listing nine command-and-control (C&C) server addresses as indicators of compromise (IoCs).1

WhoisXML API researchers used the publicized IoCs as jump-off points for an expansion analysis that uncovered:

  • Nine other IP addresses the C&C server addresses resolved to
  • 300+ domains that shared the C&C server addresses’ IP hosts
  • Four additional domains and 32,800+ subdomains that contained strings found among the C&C server addresses, 81 of which were malicious
  • 600+ domains that contained the names of 10 of the most-used chat apps in 2022, only 2% of which could be publicly attributed to the companies whose product names appeared as strings in them and eight were found malicious

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://www.trendmicro.com/de_de/research/22/l/probing-weaponized-chat-applications-abused-in-supply-chain-atta.html
Try our WhoisXML API for free
Get started