May 23, 2024 at 05:07PM
The RustDoor installer, delivered in a supply chain cyberattack via Justice AV’s corrupted Viewer v8.3.7, allows adversaries to take over infected systems. It initially targeted macOS machines in 2023 and later spread to Windows as GateDoor. Customers are advised to re-image affected endpoints and reset credentials, as the threat actors’ C2 infrastructure continues to evolve.
Key points:
– A Windows version of the RustDoor installer has been spreading through a compromised audiovisual software package hosted and distributed by Justice AV, a platform used in various settings across the country.
– The compromised software, Justice AV’s Viewer v8.3.7, was corrupted by threat actors, allowing the deployment of the RustDoor installer, which enables complete takeover of infected systems.
– RustDoor was initially discovered in December 2023 targeting macOS machines, and a Windows version, also known as GateDoor, was found shortly afterward. These versions were deployed in supply chain cyberattacks disguised as legitimate software and have been linked to the ALPHV/BlackCat ransomware group.
– JAVS has removed the corrupted Viewer files and advised affected users to re-image endpoints and reset credentials due to the high risk posed by the compromised software.
– Although RustDoor is no longer spreading through the JAVS platform, the adversaries behind the attack are continuously updating and improving their command-and-control infrastructure.