Threat Research Flash Brief: SocGholish Poisons Supply Chain for Major Media Websites


Recorded live on November 22, 2022

SocGholish is a website malware variant attributed to TA569. It continues to thrive in the current cyber threat landscape while remaining one of the most elusive malware families to date. Tracked by Proofpoint since 2018, TA569 uses the watering hole (or drive-by download) technique to deliver SocGholish: it injects malicious JavaScript into benign websites, kicking off a series of infection stages, victim profiling, and obfuscation routines that ultimately lead the victim to a final malicious payload. TA569 has been publicly attributed to initial access for ransomware infections in the past.

On Nov 2, Proofpoint Threat Research were the first to identify and report a massive supply chain infection involving the compromise of a media company that led to SocGholish infecting hundreds of media outlet websites.

Join Proofpoint Senior Threat Researcher, Andrew Northern, for a live session on the murky world of SocGholish. Key discussion points will be:

  • SocGholish infection chain, from email to final payload
  • Observed changes to TA569 TTPs and tools
  • Recent supply chain-style web attacks 
  • How to stay ahead of the threat