Skip to main content
Room Banner
Back to all walkthroughs
Room Icon

Supply Chain Attack: Lottie

Max room.

Learn about supply chain attacks and their various mitigation techniques.

easy

60 min

9,131

User profile photo.
User profile photo.

To access material, start machines and answer questions login.

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Lab Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.
Attacker machine
Status:Off
Lab machine
Status:Off

Supply chain attacks are a rising threat in cyber security, targeting the trusted parts of software development. Instead of attacking a company directly, attackers go after third-party components like libraries, packages, or services that many applications rely on. These attacks are particularly dangerous because they can spread quickly to many applications and often remain unnoticed until significant damage is done. A simple example is downloading an update for your favourite software from the attacker-controlled domain.

A recent supply chain attack on Lottie Player was carried out using a developer's compromised access token. The attacker's main objective was to trick web users accessing a compromised player into connecting their crypto wallets so that they could steal funds.

Learning Objectives

  • Workings of a supply chain attack
  • How to exploit a supply chain attack
  • Protection and mitigation measures

Room Prerequisites

Understanding the following topics is recommended before starting the room:

Connecting to the Machine

You can start the lab machine by clicking Start Lab Machine. The machine will start in a split-screen view. If the VM is not visible, use the blue Show Split View button at the top of the page. Please wait 1-2 minutes after the system boots completely to let the auto scripts run successfully. When the lab machine starts, click on the Start AttackBox (AB) button at the top of the page, as the AB is required to complete the exercises.

Let's begin!

        
Answer the questions below
I am ready to explore the room.