Threat Research Flash Brief: SocGholish Poisons Supply Chain for Major Media Websites

Recorded live on November 22, 2022

SocGholish is a website malware variant attributed to TA569 and continues to thrive in the current cyber threat landscape while remaining one of the most elusive malware families to-date. Tracked by Proofpoint since 2018, TA569 leverages the watering hole (or drive-by download) technique to deliver SocGholish by injecting benign websites with malicious JavaScript thus kicking off a series of infection stages, victim profiling, and obfuscation routines that ultimately lead the victim to a final malicious payload (TA569 has been publicly attributed to initial access for ransomware infections in the past).

On Nov 2, Proofpoint Threat Research were the first to identify and report a massive supply chain infection involving the compromise of a media company that led to SocGholish infecting hundreds of media outlet websites. 

Join Proofpoint Senior Threat Researcher, Andrew Northern, for a live session on the murky world of SocGholish. Key discussion points will be:

• SocGholish infection chain, from email to final payload
• Observed changes to TA569 TTPs and tools
• Recent supply chain-style web attacks 
• How to stay ahead of the threat