Ethical Hacking News
A global supply chain attack has exposed hundreds of e-commerce websites to malicious hackers using backdoored Magento extensions. The attack, which was hidden in plain sight for six years, targeted multiple vendors and ultimately exposed sensitive customer data. Learn more about the details of this massive supply chain attack and how it can be prevented by businesses around the world.
Between 500 and 1,000 e-commerce websites were compromised in a massive supply chain attack using backdoored Magento extensions. The attack was hidden in plain sight for six years and targeted multiple vendors. A coordinated effort between threat actors compromised the download servers of Tigren, Magesolution (MGS), and Meetanshi. The attackers likely used stolen customer data for financial gain. Regular security audits and testing are crucial to prevent supply chain attacks.
Sansec, a renowned cybersecurity firm, has recently uncovered a massive supply chain attack that compromised between 500 and 1,000 e-commerce websites using backdoored Magento extensions. The attack, which was hidden in plain sight for six years, targeted multiple vendors and ultimately exposed hundreds of stores to malicious hackers.
The attack, which was discovered on May 5th, 2025, involved 21 backdoored Magento extensions that were published between 2019 and 2022. The extensions, which were designed to appear innocuous, contained a fake license check in a file called License.php or LicenseApi.php, allowing attackers to control the $licenseFile variable. This meant that attackers could gain access to the e-commerce servers of the affected vendors without being detected.
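As an added example (not code from Sansec or from the article), the following triage scan walks an extracted Magento code tree looking for the file names and the variable named in the paragraph above. The include/require pattern, the severity labels and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# File names the article gives for the fake license check.
SUSPECT_NAMES = {"License.php", "LicenseApi.php"}
# Variable the article says attackers can control.
VAR = re.compile(r"\$licenseFile\b")
# Assumption (not stated in the article): the dangerous shape is that
# variable being passed to include/require, which executes the file as PHP.
INCLUDE_OF_VAR = re.compile(
    r"\b(?:include|require)(?:_once)?\s*\(?\s*\$licenseFile\b")

def scan(root):
    """Return sorted (relative_path, severity) for suspect license files."""
    root = Path(root)
    findings = []
    for path in root.rglob("*.php"):
        if path.name not in SUSPECT_NAMES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        if INCLUDE_OF_VAR.search(text):
            findings.append((path.relative_to(root).as_posix(), "high"))
        elif VAR.search(text):
            findings.append((path.relative_to(root).as_posix(), "review"))
    return sorted(findings)

# Constructed sample tree; vendor names and file contents are hypothetical.
SAMPLES = {
    "app/code/VendorA/Core/Helper/License.php":
        "<?php\nfunction load($licenseFile) { return include_once($licenseFile); }\n",
    "app/code/VendorB/Base/Model/LicenseApi.php":
        "<?php\n$licenseFile = __DIR__ . '/license.txt';\necho file_get_contents($licenseFile);\n",
    "app/code/VendorC/Shop/Helper/License.php":
        "<?php\nreturn ['key' => 'abc'];\n",
    "app/code/VendorC/Shop/Helper/Data.php":
        "<?php\ninclude $licenseFile;\n",
}

def demo():
    """Write the constructed tree to a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan(tmp)

if __name__ == "__main__":
    for rel, severity in demo():
        print(f"{severity:6} {rel}")
```

A hit is a prompt for manual review against a known-good copy of the extension, not proof of compromise.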
The attack was made possible by a coordinated effort between multiple threat actors, who compromised the download servers of Tigren, Magesolution (MGS), and Meetanshi. The backdoors in these software packages allowed attackers to inject malicious code into the e-commerce platforms, giving them access to sensitive customer data and ultimately enabling them to take control of the affected stores.
The attack highlights the risks associated with supply chain attacks, which can have devastating consequences for businesses that rely on third-party vendors for their operations. It also underscores the importance of regular security audits and testing to identify vulnerabilities in software packages before they are exploited by malicious actors.
Sansec's researchers believe that the threat actors behind the attack were motivated by financial gain, as the affected e-commerce platforms contained sensitive customer data. The attackers likely used this information to steal credit card numbers, personally identifiable information (PII), and other sensitive data.
The affected vendors have responded differently to the discovery of the attack. Tigren denies being hacked, despite the presence of backdoored software on their website. Meetanshi claims that no tampering took place, but confirms that their server was compromised. Magesolution (MGS) did not respond to Sansec's inquiries, and their backdoored packages are still available for download.
The discovery of this attack serves as a reminder of the importance of cybersecurity in e-commerce. It highlights the need for businesses to prioritize security when selecting third-party vendors and to regularly test their software for vulnerabilities. By taking proactive measures to prevent supply chain attacks, businesses can reduce their risk of being compromised by malicious hackers.
In conclusion, the recent discovery of this global supply chain attack exposes hundreds of e-commerce websites to malicious hackers using backdoored Magento extensions. The attack highlights the risks associated with supply chain attacks and underscores the importance of regular security audits and testing. By taking proactive measures to prevent these types of attacks, businesses can reduce their risk of being compromised by malicious hackers.
Published: Mon May 5 03:58:01 2025 by llama3.2 3B Q4_K_M