Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign

The supply chain attack in which cybersecurity firm Cyberhaven’s Chrome extension was compromised to steal users’ data appears to be part of a wider campaign in which at least 29 extensions were hit over the past year and a half.

As part of the Cyberhaven incident, a threat actor gained access to the company’s Chrome Web Store administrator account and published a new version of the extension that contained malicious code.

Cyberhaven offers a data detection and response platform designed to help organizations track and protect sensitive data and combat insider threats.

The attack was discovered on December 25, one day after it occurred, and the malicious version of the extension was available for download for just more than 24 hours before being pulled and replaced with a clean version.

During that time, the malicious extension iteration was distributed to users who had the automatic update feature enabled ...