Company

ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

EVENT CALENDAR

Apr

Data Connectors St. Louis

May

Milwaukee Cybersecurity Summit

May

RSA Conference

May

Secure360 Conference

Jun

Dallas Technology Summit

View Calendar →

LATEST PRESS RELEASE

Apr 03, 2024

Global Cybersecurity Solutions Provider, eSentire, Launches a New Technology Innovation Center in India

Bengaluru, India – April 4, 2024 – eSentire, Inc., the Authority in Managed Detection and Response (MDR), announced today the opening of its new Technology Innovation Center in India, under the legal entity eSentire India Private Limited. The Innovation Center will extend eSentire’s global…

View Newsroom →

Partners

PARTNER PROGRAM

We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.

LEARN MORE →

Apply to become an e3 ecosystem partner with eSentire today.

APPLY NOW →

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

On October 22, 2021, unidentified threat actors compromised the UA-Parser-JS NPM library and used the library to distribute malware to victims. UAParser.js is a JavaScript Library used by websites to detect the Browser, Rendering Engine, OS, CPU, and Device type/model from User-Agent data of visitors; it has a user-base of over seven million.

Three malicious packages (0.7.29, 0.8.0, 1.0.0) were published and made available for download on the UA-Parser site. Installation of these packages results in the deployment of the XMRig cryptocurrency miner and a password-stealing trojan.

eSentire has detected intrusions related to this supply chain attack. Impacted organizations are recommended to update to the most recent UA-Parser versions as soon as possible. Malicious versions have since been removed from the UA-Parser library.

What we’re doing about it

eSentire MDR for Network and Endpoint have rules in place to identify the XMRig cryptocurrency miner
Indicator sweeps have been performed for all eSentire MDR for Endpoint customers
- Impacted customers have been notified directly
Techniques observed in this campaign are detected via eSentire MDR for Endpoint
Additional detections are currently under development

What you should do about it

Update the impacted versions (0.7.29, 0.8.0, and 1.0.0) of UA-Parser to versions 0.7.30, 0.8.1, 1.0.1
If malicious versions were installed, impacted devices should be treated as compromised and user credentials must be reset

Additional information

The supply chain attack occurred after a threat actor was able to compromise a UA-Parser developer account. The account was used to publish the three malicious versions of UA-Parser. Information relating to the initial compromise is not publicly available at this time.

It should be noted that Windows and Linux Operating Systems are impacted. It is unlikely that MacOS was impacted in this attack.

eSentire has observed the distribution of malicious content via the supply-chain attack against UA-Parser users. Incidents have been observed impacting organizations in the technology, financial, and government sectors. This threat is believed to be opportunistic, rather than targeting specific industries, sectors, or organizations. eSentire continues to track this campaign for additional details and detection opportunities.

References:

[1] https://us-cert.cisa.gov/ncas/current-activity/2021/10/22/malware-discovered-popular-npm-package-ua-parser-js
[2] https://www.npmjs.com/package/ua-parser-js

ESENTIRE SERVICES

Managed Detection and Response

Digital Forensics and Incident Response

Exposure Management Services

ESENTIRE PLATFORM AND PEOPLE

Extended Detection and Response (XDR)

Security Operations Center (SOC)

Threat Response Unit (TRU)

Cyber Resilience Team

eSentire MDR for Microsoft

USE CASES

Ransomware

Cybersecurity Compliance

Zero Day Attacks

Cloud Misconfiguration

Third-Party Risk

Do More With Less

Cyber Risk

Cyber Insurance

Sensitive Data Security

INDUSTRIES

Insurance

Construction

Finance

Legal

Manufacturing

Private Equity

Healthcare

Retail

Food Supply

Government and Education

24/7 MDR SIGNALS

Network

Endpoint

Log

Cloud

Insider Threat

MDR Pricing

From The Blog

Building an Effective Threat Hunting Program for Proactive Cyber Defense

Don't Take the Bait: The XWorm Tax Scam

SolarMarker's Shift to PyInstaller Tactics

Resources

Case Studies

TRU Intelligence Center

Cybersecurity Tools

Videos

Reports

Webinars

Data Sheets

Real vs. Fake MDR

Blogs

Security Advisories

SECURITY ADVISORIES

Update: Zero-Day Vulnerability Impacts Palo Alto (CVE-2024-3400)

Zero-Day Vulnerability Impacts Palo Alto (CVE-2024-3400)

ABOUT ESENTIRE

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

EVENT CALENDAR

Data Connectors St. Louis

Milwaukee Cybersecurity Summit

RSA Conference

Secure360 Conference

Dallas Technology Summit

LATEST PRESS RELEASE

Global Cybersecurity Solutions Provider, eSentire, Launches a New Technology Innovation Center in India

PARTNER PROGRAM

Search our site

Quick Links

Multi-Signal Managed Detection and Response

24/7 Global Security Operations Centers

eSentire MDR Pricing

Cybersecurity Tools

TRU Intelligence Center

Case Studies and Customer Testimonials

Get Started →

The Proven Choice for
Managed Detection and Response

Sales and
Customer Support