[Security Information] Browser extensions are being hijacked by malicious actors; please strengthen the security management of extensions

 
2025/7/28 ~ 2026/1/28

Forwarded from the National Security Information Sharing and Analysis Center, NISAC-400-202507-00000048

[Content Description]
While monitoring external security intelligence, the National Security Administration recently found that hackers have been carrying out malicious hijacking of browser extensions (such as the Red Direction activity). The attack method is to take legitimate extensions and implant malicious code in subsequent updates. The implanted code can monitor users' web browsing activity and send it to C2 servers, and can even lead users to phishing websites. Scope of impact: a total of 18 extensions across Chrome and Edge, which may cover more than 2.3 million users.

Detailed list download link: https://cert.tanet.edu.tw/pdf/2023057048ioc.zip

[Recommended measures]
1. Check for and remove all browser extensions that have been confirmed to be malicious.
2. Clear the browser cache, cookies and related session data to avoid the risk of continued credential leakage.
3. Continue to monitor the network behavior of the affected host and of other hosts on the same network segment to ensure that abnormal activity does not recur.
4. If you suspect that account credentials have been leaked, force a reset of the relevant user passwords and multi-factor authentication settings.
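
One way to carry out measure 1 across every browser profile on a host, as an added example that is not part of the original advisory. It assumes the detailed list supplies Chrome/Edge extension IDs, saved one per line in a text file; the blocklist entry embedded in the code is a constructed placeholder, not a real indicator.

```python
import json
import re
import sys
from pathlib import Path

# Chrome and Edge extension IDs are 32 characters drawn from a-p.
EXT_ID = re.compile(r"[a-p]{32}")

# Default per-user browser data directories, relative to the home directory.
USER_DATA_DIRS = [
    "AppData/Local/Google/Chrome/User Data",
    "AppData/Local/Microsoft/Edge/User Data",
    ".config/google-chrome",
    ".config/microsoft-edge",
    "Library/Application Support/Google/Chrome",
    "Library/Application Support/Microsoft Edge",
]

# Constructed placeholder, NOT a real indicator: replace with the advisory's IDs.
SAMPLE_BLOCKLIST = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa  # placeholder entry\n"

def load_blocklist(text):
    """Parse one extension ID per line; skip blanks, comments and malformed lines."""
    tokens = (line.split("#", 1)[0].strip().lower() for line in text.splitlines())
    return {t for t in tokens if EXT_ID.fullmatch(t)}

def installed_extensions(user_data_dir):
    """Yield (profile, ext_id, version, name) for every installed extension version."""
    for manifest in Path(user_data_dir).glob("*/Extensions/*/*/manifest.json"):
        profile, ext_id = manifest.parts[-5], manifest.parts[-3]
        if not EXT_ID.fullmatch(ext_id):
            continue
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            version, name = str(data.get("version", "?")), str(data.get("name", "?"))
        except (OSError, ValueError, AttributeError):
            version = name = "?"  # unreadable manifest: still report the ID
        yield profile, ext_id, version, name

def audit(user_data_dir, blocklist):
    """Return installed extensions whose ID is on the blocklist, sorted."""
    return sorted(e for e in installed_extensions(user_data_dir) if e[1] in blocklist)

if __name__ == "__main__":
    # Optional argument: a text file holding the advisory's IDs, one per line.
    src = Path(sys.argv[1]).read_text(encoding="utf-8") if len(sys.argv) > 1 else SAMPLE_BLOCKLIST
    for rel in USER_DATA_DIRS:
        for hit in audit(Path.home() / rel, load_blocklist(src)):
            print("FLAGGED", rel, *hit, sep="\t")
```

The reported version matters because the malicious code arrived through updates to extensions that were previously legitimate. On managed fleets, flagged IDs can also be added to the browsers' `ExtensionInstallBlocklist` policy so the extensions cannot be reinstalled.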
