Chinese APT Hijacks DevOps Updates to Steal Aerospace IP

A Chinese state‑sponsored APT group infiltrated the software‑distribution pipeline of a popular DevOps platform, replacing legitimate update packages with malicious binaries. These backdoored components were signed with forged code‑signing certificates, allowing them to pass integrity checks and be automatically installed on victim systems.

The compromised updates were deployed to several aerospace manufacturers, giving the actors persistent access to design files, engineering data, and other high‑value intellectual property. Organizations that rely on third‑party CI/CD tools must assume that the supply chain can be a foothold for nation‑state actors.

Defenders should immediately audit all recent software updates from the affected platform, verify code signatures against trusted authorities, and implement strict integrity‑verification controls. Monitoring for anomalous outbound traffic and credential misuse can help detect exfiltration attempts before critical data leaves the network.
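One way to run the update audit recommended above, as an added example that is not from the original article: each package must match a digest pinned out of band and be signed by an exact pinned certificate, so a forged certificate that merely validates is still flagged. The file names, manifest and certificate bytes are constructed, and extracting the signer certificate from a package is assumed to be done by platform tooling.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit_updates(update_dir, pinned_digests, pinned_signers, observed_signers):
    """Return {filename: [findings]} for each package that fails a check.
    pinned_digests:   {filename: sha256 hex}, fetched out of band (assumed)
    pinned_signers:   set of SHA-256 fingerprints of trusted signer certs
    observed_signers: {filename: signer cert DER bytes}, as extracted by
                      platform signature tooling (assumed input)
    """
    findings = {}
    for path in sorted(Path(update_dir).iterdir()):
        if not path.is_file():
            continue
        problems = []
        expected = pinned_digests.get(path.name)
        if expected is None:
            problems.append("not in pinned manifest")
        elif not hmac.compare_digest(sha256_file(path), expected.lower()):
            problems.append("digest mismatch")
        cert = observed_signers.get(path.name)
        if cert is None:
            problems.append("no signer certificate")
        elif hashlib.sha256(cert).hexdigest() not in pinned_signers:
            # A chain the OS accepts is not enough: require the exact pinned cert.
            problems.append("signer not pinned")
        if problems:
            findings[path.name] = problems
    return findings

if __name__ == "__main__":
    # Constructed sample: one clean package, one swapped and re-signed package.
    vendor, forged = b"constructed-vendor-cert", b"constructed-forged-cert"
    with tempfile.TemporaryDirectory() as d:
        Path(d, "agent-1.0.pkg").write_bytes(b"clean build")
        Path(d, "agent-1.1.pkg").write_bytes(b"backdoored build")
        digests = {"agent-1.0.pkg": hashlib.sha256(b"clean build").hexdigest(),
                   "agent-1.1.pkg": hashlib.sha256(b"vendor build").hexdigest()}
        signers = {"agent-1.0.pkg": vendor, "agent-1.1.pkg": forged}
        print(audit_updates(d, digests, {hashlib.sha256(vendor).hexdigest()}, signers))
```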

Categories: Vulnerabilities & Exploits, Threat Intelligence