July 5, 2024 at 01:06AM
A supply chain attack on the widely used Polyfill[.]io JavaScript library has affected over 380,000 hosts, including prominent companies like WarnerBros, Hulu, Mercedes-Benz, and Pearson. The attack involved code modifications that redirected users to adult and gambling websites. The incident led to domain suspensions, content delivery network actions, and warnings of broader malicious activity.
Key takeaways from the meeting notes:
– A supply chain attack targeting the widely used Polyfill.io JavaScript library is reported to have impacted over 380,000 hosts, including prominent companies like WarnerBros, Hulu, Mercedes-Benz, and Pearson.
– The attack involved code modifications on the Polyfill domain that redirected users to adult- and gambling-themed websites; the malicious changes were written to trigger only at specific times and for certain visitors.
– The domain and its associated GitHub repository were sold to a Chinese company named Funnull in February 2024, resulting in the introduction of the nefarious behavior.
– Domain registrar Namecheap suspended the domain, and content delivery networks such as Cloudflare automatically rewrote Polyfill links to point at safe alternative mirror sites. Google also blocked ads for sites embedding the domain.
– The domain's operators attempted to relaunch the service under a different domain, but it was also taken down by Namecheap. Two other domains were registered, and one remains up and running.
– There is evidence of a more extensive network of potentially related domains tied to the maintainers of Polyfill, suggesting the incident may be part of a broader malicious campaign.
– WordPress security company Patchstack warned of cascading risks from the Polyfill supply chain attack for sites running the content management system, since legitimate plugins link to the rogue domain.
It's clear from these notes that the supply chain attack on Polyfill.io has had wide-reaching implications and has prompted significant action from various parties in the cybersecurity and web hosting industries.
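The CDN link rewriting and the plugin warning above both come down to one question a site owner needs answered: which pages still load scripts from the rogue domain, and which other cross-origin scripts are not pinned with Subresource Integrity? The following is an added example (not code from the original note or from any of the parties named) that audits a page's script tags for exactly that. It assumes a constructed sample page and origin (`site.example`), and uses a tag-level regex scan rather than a full HTML parser.

```javascript
// Added example: flag <script src> tags that load from the compromised
// polyfill.io domain, and flag any other cross-origin script that has no
// SRI integrity attribute. Regex-based tag scan, not a full HTML parser.

const BLOCKED_HOSTS = ["polyfill.io"]; // domain named in the note above

// True when `host` is `pattern` itself or a subdomain of it.
function hostMatches(host, pattern) {
  return host === pattern || host.endsWith("." + pattern);
}

// Returns one finding per cross-origin script in `html`. `pageUrl` is the
// URL the HTML was served from; it resolves relative and protocol-relative
// src values and lets first-party scripts be skipped.
function auditScripts(html, pageUrl) {
  const pageHost = new URL(pageUrl).host;
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const srcMatch = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    if (!srcMatch) continue; // inline script, nothing fetched
    let url;
    try { url = new URL(srcMatch[1], pageUrl); } catch { continue; }
    if (url.host === pageHost) continue; // first-party, out of scope
    const hasIntegrity = /\bintegrity\s*=/i.test(attrs);
    const blocked = BLOCKED_HOSTS.some((p) => hostMatches(url.hostname, p));
    findings.push({
      src: url.href,
      host: url.hostname,
      severity: blocked ? "critical" : hasIntegrity ? "info" : "warning",
      reason: blocked
        ? "loads from a domain reported as compromised; remove the tag"
        : hasIntegrity
          ? "cross-origin script pinned with SRI"
          : "cross-origin script without an integrity attribute",
    });
  }
  return findings;
}

// Constructed sample page (hypothetical site and CDN hostnames).
const SAMPLE_HTML = `<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<script src="//cdn.example.net/lib.js" integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="https://cdn.example.net/other.js"></script>
<script>console.log("inline");</script>
</head></html>`;

console.log(auditScripts(SAMPLE_HTML, "https://site.example/"));
```

Running the sample reports the polyfill.io script as critical, the SRI-pinned script as informational, and the unpinned cross-origin script as a warning; first-party and inline scripts are not listed.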