As Chief Information Security Officer and VP Security Research, Deepen Desai is responsible for global security research operations and working with product teams to ensure that the Zscaler platform and services are secure. Deepen has been a cybersecurity leader for 15 years, with seven of those years at Dell SonicWALL.
If an attacker uploads a malicious file on Discord channel and shares its public link, even non-Discord users can download it. If the attacker deletes the malicious file within the Discord, [the] public URL can still be used to download the file, which means even though the file is deleted from the chat, it is actually not deleted from Discord CDN. Attackers are quite successful in their attempts to ensnare Discord users as well as non-Discord users.12 May 2021
If the nation-state actor has established persistence in their environment — and they’re able to do a similar supply chain attack using their supply chain infrastructure — then the possibilities are endless. You will discover more and more similar types of scenarios in the coming months, as things get investigated in this Orion case.12 May 2021