Threat Research Flash Brief: SocGholish Poisons Supply Chain for Major Media Websites | Proofpoint US

Platform
Products
Solutions
Partners
Resources
Company

Search

English (Americas)

Platform

Products

Solutions

Partners

Resources

Company

Multi-layered, adaptive defenses for threat detection, impersonation, and supplier risk.

Email Security

Impersonation Protection

More products

Transform your information protection with a human-centric, omni-channel approach.

Enterprise DLP

Adaptive Email DLP

Insider Threat Management

Intelligent Compliance

Mitigate Human Risk

Unlock full user risk visibility and drive behavior change.

Security Awareness

Augment Your Capabilities

Managed Services

Product Packages

More Protect People Products

Account Take-Over and Identity Protection

Secure vulnerable identities, stop lateral movement and privilege escalation.

Adaptive Email Security

Stop more threats with a fully integrated layer of behavioral AI.

Secure Email Relay

Secure your application email and accelerate DMARC implementation

Solutions by Use Case

How Proofpoint protects your people and data.

Authenticate Your Email

Protect your email deliverability with DMARC.

Combat Email and Cloud Threats

Protect your people from email and cloud threats with an intelligent and holistic approach.

More use cases

Solutions by Industry

People-centric solutions for your organization.

Federal Government

Cybersecurity for federal government agencies.

State and Local Government

Protecting the public sector, and the public from cyber threats.

More industries

Comparing Proofpoint

Evaluating cybersecurity vendors? Check out our side-by-side comparisons.

View comparisons

Solutions By Use Case

How Proofpoint protects your people and data.

Change User Behavior

Help your employees identify, resist and report attacks before the damage is done.

Combat Data Loss and Insider Risk

Prevent data loss via negligent, compromised and malicious insiders.

Modernize Compliance and Archiving

Manage risk and data retention needs with a modern compliance and archiving solution.

Protect Cloud Apps

Keep your people and their cloud apps secure by eliminating threats and data loss.

Prevent Loss from Ransomware

Learn about this growing threat and stop attacks by securing ransomware's top vector: email.

Secure Microsoft 365

Implement the best security and compliance solution for Microsoft 365.

Solutions By Industry

People-centric solutions for your organization.

Higher Education

A higher level of security for higher education.

Financial Services

Eliminate threats, build trust and foster growth for your organization.

Healthcare

Protect clinicians, patient data, and your intellectual property against advanced threats.

Mobile Operators

Make your messaging environment a secure environment.

Internet Service Providers

Cloudmark email protection.

Small and Medium Businesses

Big-time security for small business.

Proofpoint vs. the competition

Side-by-side comparisons.

Proofpoint vs. Abnormal Security

Proofpoint vs. Mimecast

Proofpoint vs. Cisco

Proofpoint vs Microsoft

Proofpoint vs. Microsoft Purview

Proofpoint vs. Legacy DLP

Partners

Deliver Proofpoint solutions to your customers.

Channel Partners

Archive Extraction Partners

Learn about Extraction Partners.

GSI and MSP Partners

Learn about our global consulting.

Technology and Alliance Partners

Learn about our relationships.

Social Media Protection Partners

Learn about the technology and....

Proofpoint Essentials Partner Programs

Small Business Solutions .

Become a Channel Partner

Resources

Find reports, webinars, blogs, events, podcasts and more.

Resource Library

Blog

Keep up with the latest news and happenings.

Webinars

Browse our webinar library to learn about the latest threats, trends and issues in cybersecurity.

Cybersecurity Academy

Earn your certification to become a Proofpoint Certified Guardian.

Podcasts

Learn about the human side of cybersecurity.

New Perimeters Magazine

Get the latest cybersecurity insights in your hands.

Threat Glossary

Learn about the latest security threats.

Events

Connect with us at events to learn how to protect your people and data from ever-evolving threats.

Customer Stories

Read how our customers solve their most pressing cybersecurity challenges.

Company

Proofpoint protects organizations' greatest assets and biggest risks: their people.

About Proofpoint

Why Proofpoint

Learn about our unique people-centric approach to protection.

Careers

Stand out and make a difference at one of the world's leading cybersecurity companies.

News Center

Read the latest press releases, news stories and media highlights about Proofpoint.

Privacy and Trust

Learn about how we handle data and make commitments to privacy and other regulations.

Environmental, Social, and Governance

Learn how we apply our principles to positively impact our community.

Support

Access the full range of Proofpoint support services.

Platform

Discover the Proofpoint human-centric platform.

Learn More

Proofpoint Nexus

Detection technologies to protect people and defend data.

Proofpoint Zen

Protect and engage users wherever they work.

Search Proofpoint

Try searching for

Email Security Phishing DLP Email Fraud

Select Product Login

Select Language

Threat Research Flash Brief: SocGholish Poisons Supply Chain for Major Media Websites

Watch on-demand

Recorded live on November 22, 2022

SocGholish is a website malware variant attributed to TA569 and continues to thrive in the current cyber threat landscape while remaining one of the most elusive malware families to-date. Tracked by Proofpoint since 2018, TA569 leverages the watering hole (or drive-by download) technique to deliver SocGholish by injecting benign websites with malicious JavaScript thus kicking off a series of infection stages, victim profiling, and obfuscation routines that ultimately lead the victim to a final malicious payload (TA569 has been publicly attributed to initial access for ransomware infections in the past).

On Nov 2, Proofpoint Threat Research were the first to identify and report a massive supply chain infection involving the compromise of a media company that led to SocGholish infecting hundreds of media outlet websites.

Join Proofpoint Senior Threat Researcher, Andrew Northern, for a live session on the murky world of SocGholish. Key discussion points will be:

SocGholish infection chain, from email to final payload
Observed changes to TA569 TTPs and tools
Recent supply chain-style web attacks
How to stay ahead of the threat