Lebanon pager explosions ‘a modern supply chain attack’
Simultaneous explosions of electronic devices in Lebanon over the past two days have exposed supply chain vulnerabilities to new types of attack, according to cybersecurity ratings platform SecurityScorecard.
Commenting on the explosions of pagers and walkie-talkies targeting Hezbollah, which have killed more than 30 people, Aleksandr Yampolskiy, CEO of SecurityScorecard, said the events are “a reminder of the urgent need to raise the standards for third-party risk management”.
The pagers are claimed to have been manufactured by Taiwanese firm Gold Apollo, but in the aftermath of the attacks, Gold Apollo’s founder said it licensed its trademark to a company in Hungary.
Yampolskiy said the event in Lebanon is a “concerning demonstration of a modern supply chain attack”.
He explained: “A vulnerability in a third-party manufacturer, Gold Apollo, was exploited. Thousands of pagers…were reportedly rigged with explosives and remotely triggered at the right moment. This is a clear example of how a weak link in the chain – whether in a kinetic or cyberattack – can be used to infiltrate and cause significant damage.”
SecurityScorecard had previously assigned Gold Apollo a C-grade cybersecurity rating, which indicated vulnerabilities that could make the company susceptible to compromise or takeover.
Yampolskiy said the attacks have raised fresh concerns about the potential for “hidden backdoors” in other software systems that could be triggered remotely in geopolitical conflict.