Attackers could breach the download server of an application (used by system administrators to analyze Windows logs) and replaced the legitimate application and updates with a signed malicious version.
Organizations who used Alpha's free license edition software (the compromised version) include:
- 4 major telecommunication providers
- 10+ western millitary organizations
- 24+ Fortune 500 companies
- 5 major defense contractors
- 36+ Major IT product manufacturers or solutions providers
- 24+ western government organizations
- 24+ banks and financial institutions
- 45+ higher educational institutions
The attacker had access to the publishing infrastructure (i.e., the download server) and to the signing key of the packager.