GrayCharlie Hijacks Law Firm Sites in Suspected Supply-Chain Attack
Summary
The threat actor GrayCharlie is compromising WordPress websites belonging to law firms and using them to distribute malware via fake browser updates and ClickFix lures. The malware payloads include NetSupport RAT, Stealc, and SectopRAT, indicating a sophisticated supply-chain attack.
IFF Assessment
The compromise of law firm websites to distribute malware poses a significant threat to end-users and organizations.
Severity
Defender Context
Defenders need to monitor their WordPress installations for unauthorized modifications and regularly scan for malware. Pay close attention to plugin vulnerabilities and ensure strong access controls are in place. Supply-chain attacks targeting widely used platforms are a growing trend, highlighting the need for robust security measures even for seemingly low-risk websites.
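
One way to monitor a WordPress installation for unauthorized modifications, shown as an added example that is not part of the original brief: a SHA-256 baseline of the site tree is compared against its current state. The sample tree, the file names, and the rule that flags new PHP files under wp-content/uploads are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def diff_manifests(baseline, current):
    """Report files added, removed or modified since the baseline."""
    added = sorted(set(current) - set(baseline))
    report = {
        "added": added,
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current)
                           if baseline[p] != current[p]),
    }
    # Assumed heuristic: uploads normally holds media, so new PHP there is urgent.
    report["php_in_uploads"] = [p for p in added
                                if p.startswith("wp-content/uploads/")
                                and p.lower().endswith(".php")]
    return report


def demo():
    """Run the check on a constructed sample tree (not real site data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        theme = root / "wp-content" / "themes" / "firm"
        theme.mkdir(parents=True)
        (root / "index.php").write_text("<?php // front controller\n")
        (theme / "header.php").write_text("<?php wp_head(); ?>\n")
        baseline = build_manifest(root)  # taken while the site is known-good

        # Constructed unauthorized changes: an edited template and a new file.
        (theme / "header.php").write_text("<?php wp_head(); ?>\n<!-- edit -->\n")
        uploads = root / "wp-content" / "uploads"
        uploads.mkdir()
        (uploads / "update.php").write_text("<?php // unexpected file\n")
        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The baseline manifest belongs off the web host, so that anyone with write access to the site cannot also rewrite the record it is checked against.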