[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"news:tech-daemon-tools-supply-chain-attack-2026":3},{"meta":4,"markdown":68,"quiz":69},{"type":5,"articleId":6,"slug":7,"title":8,"titleEn":9,"category":10,"summary":11,"publishedAt":12,"tags":13,"vocabulary":15,"quizId":67},"news","news-tech-daemon-tools-supply-chain-attack-2026","tech-daemon-tools-supply-chain-attack-2026","仮想ドライブ用ソフト「DAEMON Tools」に約1か月にわたる供給網攻撃 — Kasperskyが公開","Virtual-Drive Software DAEMON Tools Hit by Month-Long Supply Chain Attack, Kaspersky Discloses","tech","On May 5, 2026, Russian security firm Kaspersky disclosed a supply chain attack against the popular Windows utility DAEMON Tools, with trojanized installers distributed from the legitimate vendor website since April 8, 2026. Compromised versions ranged from 12.5.0.2421 to 12.5.0.2434, with malicious code injected into DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe — all signed with valid AVB Disc Soft certificates. Kaspersky links the campaign to a Chinese-speaking group, with thousands infected across 100+ countries but second-stage payloads delivered to only about a dozen targeted machines in retail, scientific, manufacturing, and government sectors. A clean version 12.6 was released on the same day.\n","2026-05-05T00:00:00Z",[14],"cybersecurity",[16,21,25,30,34,38,42,46,50,55,59,63],{"word":17,"reading":18,"meaning":19,"level":20},"仮想","かそう","virtual","N1",{"word":22,"reading":23,"meaning":24,"level":20},"供給網","きょうきゅうもう","supply chain",{"word":26,"reading":27,"meaning":28,"level":29},"攻撃","こうげき","attack","N2",{"word":31,"reading":32,"meaning":33,"level":20},"改竄","かいざん","tampering",{"word":35,"reading":36,"meaning":37,"level":29},"配布","はいふ","distribution",{"word":39,"reading":40,"meaning":41,"level":29},"署名","しょめい","signature",{"word":43,"reading":44,"meaning":45,"level":20},"検出","けんしゅつ","detection",{"word":47,"reading":48,"meaning":49,"level":20},"標的","ひょうてき","target",{"word":51,"reading":52,"meaning":53,"level":54},"政府","せいふ","government","N3",{"word":56,"reading":57,"meaning":58,"level":29},"機関","きかん","agency",{"word":60,"reading":61,"meaning":62,"level":29},"感染","かんせん","infection",{"word":64,"reading":65,"meaning":66,"level":29},"公開","こうかい","disclosure","news-tech-daemon-tools-supply-chain-attack-2026-quiz","\n::para\n[ロシア]{ろしあ:Russian}の[セキュリティ]{せきゅりてぃ:security}[企業]{きぎょう:firm:N1}「[Kaspersky]{かすぺるすきー:Kaspersky}」が[2026]{にせんにじゅうろく:2026}[年]{ねん:year:N5}[5月]{ごがつ:May:N5}[5日]{いつか:5th:N5}、[Windows]{うぃんどうず:Windows}[向け]{むけ:for:N3}の[仮想]{かそう:virtual:N1}[ドライブ]{どらいぶ:drive}[作成]{さくせい:creation:N3}[ソフト]{そふと:software}「[DAEMON]{でーもん:DAEMON}[Tools]{つーるず:Tools}」が[供給網]{きょうきゅうもう:supply chain:N1}[攻撃]{こうげき:attack:N1}を[受けて]{うけて:received:N3}いたと[公開]{こうかい:disclosed:N4}しました。[改竄]{かいざん:tampered:N1}された[インストーラー]{いんすとーらー:installer}が[2026]{にせんにじゅうろく:2026}[年]{ねん:year:N5}[4月]{しがつ:April:N5}[8日]{ようか:8th:N5}から[公式]{こうしき:official:N3}サイト[経由]{けいゆ:via:N3}で[配布]{はいふ:distributed:N2}されていたと[されて]{されて:said to be}います。\n\n#en\nOn May 5, 2026, Russian security firm Kaspersky disclosed that DAEMON Tools, a Windows virtual-drive creation software, had been hit by a supply chain attack. Tampered installers had reportedly been distributed via the official site since April 8, 2026.\n::\n\n::heading\n[影響]{えいきょう:affected:N1}を[受けた]{うけた:received:N3}[バージョン]{ばーじょん:versions}と[正規]{せいき:legitimate:N3}[署名]{しょめい:signature:N2}\n\n#en\nAffected Versions and the Legitimate Digital Signature\n::\n\n::para\n[影響]{えいきょう:affected:N1}を[受けた]{うけた:received:N3}とされるのは[バージョン]{ばーじょん:version}[12.5.0.2421]{じゅうにてんごてんゼロてんによんにいち:12.5.0.2421}から[12.5.0.2434]{じゅうにてんごてんゼロてんにしさんよん:12.5.0.2434}までの[範囲]{はんい:range:N1}で、[攻撃者]{こうげきしゃ:attackers:N1}は「[DTHelper.exe]{でぃーてぃーへるぱーどっといーえっくすいー:DTHelper.exe}」「[DiscSoftBusServiceLite.exe]{でぃすくそふとばすさーびすらいとどっといーえっくすいー:DiscSoftBusServiceLite.exe}」「[DTShellHlp.exe]{でぃーてぃーしぇるえいちえるぴーどっといーえっくすいー:DTShellHlp.exe}」の[3]{さん:three}つの[実行]{じっこう:executable:N3}[ファイル]{ふぁいる:files}に[悪意]{あくい:malicious:N4}ある[コード]{こーど:code}を[埋め込んだ]{うめこんだ:embedded:N2}と[されて]{されて:said to be}います。これらの[ファイル]{ふぁいる:files}は[開発]{かいはつ:developer:N4}[元]{もと:source:N4}「[AVB]{えーぶいびー:AVB}[Disc]{でぃすく:Disc}[Soft]{そふと:Soft}」の[正規]{せいき:legitimate:N3}な[電子]{でんし:digital:N5}[署名]{しょめい:signature:N2}が[付いた]{ついた:attached:N3}まま[配布]{はいふ:distributed:N2}されていたため、[利用者]{りようしゃ:users:N3}や[セキュリティ]{せきゅりてぃ:security}[製品]{せいひん:products:N1}が[気付き]{きづき:detect:N3}にくい[状態]{じょうたい:state:N1}にあったと[報じられて]{ほうじられて:reported:N3}います。\n\n#en\nThe affected range is reportedly versions 12.5.0.2421 through 12.5.0.2434, with attackers said to have embedded malicious code in three executables: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were reportedly distributed still bearing a valid digital signature from developer AVB Disc Soft, putting users and security products in a state where it was hard to detect.\n::\n\n::heading\n[感染]{かんせん:infections:N1}は[100か国]{ひゃっかこく:100 countries:N5}[超]{ちょう:more than:N2}、[第二]{だいに:second-:N1}[段階]{だんかい:stage:N2}は[少数]{しょうすう:small number:N3}に[限定]{げんてい:limited:N3}\n\n#en\nInfections in More Than 100 Countries; Second Stage Limited to a Small Number\n::\n\n::para\n[Kaspersky]{かすぺるすきー:Kaspersky}によると、[改竄]{かいざん:tampered:N1}[版]{ばん:version:N2}の[インストーラー]{いんすとーらー:installer}は[100]{ひゃく:100}か[国]{こく:countries:N5}を[超える]{こえる:more than:N2}[範囲]{はんい:range:N1}で[数千]{すうせん:thousands:N3}[件]{けん:cases:N3}の[感染]{かんせん:infections:N1}を[引き起こした]{ひきおこした:caused:N3}とされます。[一方]{いっぽう:on the other hand:N4}、[追加]{ついか:additional:N3}の[マルウェア]{まるうぇあ:malware}を[配信]{はいしん:delivered:N3}する[第二]{だいに:second:N1}[段階]{だんかい:stage:N2}の[ペイロード]{ぺいろーど:payload}は[10]{じゅう:10}[台]{だい:units:N4}[程度]{ていど:about:N3}の[端末]{たんまつ:devices:N1}にしか[展開]{てんかい:deployed:N1}されておらず、[標的]{ひょうてき:targeted:N1}は[小売]{こうり:retail:N4}、[科学]{かがく:scientific:N3}、[製造]{せいぞう:manufacturing:N1}、[政府]{せいふ:government:N2}[機関]{きかん:agencies:N3}など[特定]{とくてい:specific:N3}の[組織]{そしき:organizations:N1}に[絞られて]{しぼられて:focused:N1}いたと[見られて]{みられて:seen:N5}います。\n\n#en\nAccording to Kaspersky, the tampered installer reportedly caused thousands of infections across more than 100 countries. On the other hand, the second-stage payload delivering additional malware was reportedly deployed to only about 10 devices, with targets seen as having been narrowed to specific organizations such as retail, scientific, manufacturing, and government agencies.\n::\n\n::heading\n[中国]{ちゅうごく:Chinese:N5}[語]{ご:language:N5}[圏]{けん:speaking:N1}の[攻撃]{こうげき:attack:N1}[グループ]{ぐるーぷ:group}が[関与]{かんよ:involved:N3}か\n\n#en\nA Chinese-Language-Speaking Attack Group Possibly Involved\n::\n\n::para\n[Kaspersky]{かすぺるすきー:Kaspersky}は、[マルウェア]{まるうぇあ:malware}の[解析]{かいせき:analysis:N1}[結果]{けっか:results:N1}から[今回]{こんかい:this:N3}の[攻撃]{こうげき:attack:N1}を[中国]{ちゅうごく:Chinese:N5}[語]{ご:language:N5}を[話す]{はなす:speaking:N5}[攻撃]{こうげき:attack:N1}[グループ]{ぐるーぷ:group}と[関連]{かんれん:linked:N3}[付けて]{づけて:to:N3}いると[されて]{されて:said to be}いますが、[特定]{とくてい:specific:N3}の[国家]{こっか:state:N4}との[結び付き]{むすびつき:ties:N1}や[組織]{そしき:organization:N1}[名]{めい:name:N5}までは[公表]{こうひょう:publicly disclosed:N3}されていない[模様]{もよう:appearance:N1}です。[攻撃]{こうげき:attack:N1}が[広範囲]{こうはんい:broad-scope:N1}な[感染]{かんせん:infection:N1}を[狙った]{ねらった:aimed at:N2}ものではなく、[特定]{とくてい:specific:N3}の[標的]{ひょうてき:targets:N1}に[到達]{とうたつ:reach:N3}するための「[漏斗]{ろうと:funnel:N1}」[として]{として:as}[使われた]{つかわれた:used:N4}[可能性]{かのうせい:possibility:N3}が[指摘]{してき:noted:N1}されています。\n\n#en\nKaspersky reportedly links this attack to a Chinese-language-speaking attack group based on malware analysis, but it appears specific state ties and organization names have not been publicly disclosed. It is noted that the attack may have been used as a \"funnel\" to reach specific targets rather than aiming at broad-scope infection.\n::\n\n::heading\n[新]{しん:new:N4}[バージョン]{ばーじょん:version}[12.6]{じゅうにてんろく:12.6}を[同日]{どうじつ:same day:N4}に[公開]{こうかい:released:N4}\n\n#en\nA New Version 12.6 Released the Same Day\n::\n\n::para\n[開発]{かいはつ:developer:N4}[元]{もと:source:N4}は[同じ]{おなじ:same:N4}[5月]{ごがつ:May:N5}[5日]{いつか:5th:N5}に[改竄]{かいざん:tampered:N1}されていない「[DAEMON]{でーもん:DAEMON}[Tools]{つーるず:Tools}[Lite]{らいと:Lite}[12.6]{じゅうにてんろく:12.6}」を[公開]{こうかい:released:N4}したとされ、[利用者]{りようしゃ:users:N3}には[速やかに]{すみやかに:promptly:N3}[更新]{こうしん:update:N3}するよう[呼びかけられて]{よびかけられて:being called on:N3}いると[報じられて]{ほうじられて:reported:N3}います。[既に]{すでに:already:N1}[影響]{えいきょう:affected:N1}[版]{ばん:version:N2}を[インストール]{いんすとーる:installed}した[端末]{たんまつ:devices:N1}では、[アンチウイルス]{あんちういるす:antivirus}[ソフト]{そふと:software}による[精密]{せいみつ:thorough:N1}な[検査]{けんさ:scan:N1}が[推奨]{すいしょう:recommended:N1}されています。\n\n#en\nThe developer reportedly released a clean \"DAEMON Tools Lite 12.6\" on the same May 5, and users are being called on to update promptly. For devices that have already installed an affected version, a thorough scan with antivirus software is being recommended.\n::\n\n::callout\n[今回]{こんかい:this:N3}の[件]{けん:case:N3}は、[正規]{せいき:legitimate:N3}の[電子]{でんし:digital:N5}[署名]{しょめい:signature:N2}を[持つ]{もつ:bearing:N4}[ソフトウェア]{そふとうぇあ:software}でも[供給網]{きょうきゅうもう:supply chain:N1}の[途中]{とちゅう:in the middle:N3}で[改竄]{かいざん:tampered:N1}されれば[セキュリティ]{せきゅりてぃ:security}[製品]{せいひん:products:N1}を[すり抜ける]{すりぬける:slip past:N3}[恐れ]{おそれ:risk:N3}があることを[改めて]{あらためて:once again:N2}[示した]{しめした:demonstrated:N3}と[見られて]{みられて:seen:N5}います。[日本]{にほん:Japanese:N5}[国内]{こくない:domestic:N3}でも[個人]{こじん:individual:N2}[利用]{りよう:users:N3}や[企業]{きぎょう:enterprises:N1}で[同]{どう:the same:N4}[ソフト]{そふと:software}が[使われている]{つかわれている:used:N4}[可能性]{かのうせい:possibility:N3}があり、[情報]{じょうほう:IT:N3}[システム]{しすてむ:systems}[部門]{ぶもん:departments:N2}では[ソフトウェア]{そふとうぇあ:software}の[出所]{でどころ:origin:N3}と[更新]{こうしん:update:N3}[履歴]{りれき:history:N1}を[改めて]{あらためて:once again:N2}[確認]{かくにん:confirming:N3}する[動き]{うごき:moves:N4}が[広がり]{ひろがり:spreading:N4}そうです。\n\n#en\nThis case is seen as once again demonstrating that even software bearing a legitimate digital signature can slip past security products if it is tampered with mid-supply-chain. The same software may also be in use in Japan by individual users and enterprises, and IT system departments are likely to see expanding moves to once again verify software origin and update history.\n::\n",{"id":67,"title":70,"titleEn":71,"topicPath":5,"questions":72},"DAEMON Tools 供給網攻撃 確認テスト","DAEMON Tools Supply Chain Attack Confirmation Test",[73,101,123,145,168],{"id":74,"articleId":6,"question":75,"options":78,"correctLabel":84,"explanation":95,"tags":98},"news-tech-daemon-tools-supply-chain-attack-2026-quiz-q01",{"en":76,"jp":77},"According to Kaspersky's disclosure, since when had the tampered DAEMON Tools installer been distributed?","Kasperskyの公開によると、改竄されたDAEMON Toolsのインストーラーはいつから配布されていたとされているか。",[79,83,87,91],{"label":80,"jp":81,"en":82},"ア","2026年3月1日","March 1, 2026",{"label":84,"jp":85,"en":86},"イ","2026年4月8日","April 8, 2026",{"label":88,"jp":89,"en":90},"ウ","2026年5月1日","May 1, 2026",{"label":92,"jp":93,"en":94},"エ","2026年5月5日","May 5, 2026",{"en":96,"jp":97},"The article says the tampered installer had been distributed via the official site since April 8, 2026. May 5 is the date Kaspersky disclosed the attack and the clean version 12.6 was released.","記事は2026年4月8日から公式サイト経由で改竄されたインストーラーが配布されていたとしている。5月5日はKasperskyによる公開と新バージョン12.6リリースの日。",[99,100],"comprehension","numeric",{"id":102,"articleId":6,"question":103,"options":106,"correctLabel":84,"explanation":119,"tags":122},"news-tech-daemon-tools-supply-chain-attack-2026-quiz-q02",{"en":104,"jp":105},"What does the article emphasize as a feature of the tampered executables?","改竄された実行ファイルの特徴として記事が強調しているのはどれか。",[107,110,113,116],{"label":80,"jp":108,"en":109},"ファイルサイズが極端に大きかった","File sizes were extremely large",{"label":84,"jp":111,"en":112},"AVB Disc Softの正規な電子署名が付いたままだった","They still bore a valid AVB Disc Soft digital signature",{"label":88,"jp":114,"en":115},"Linux向けに作られていた","They were built for Linux",{"label":92,"jp":117,"en":118},"オープンソースとして配布されていた","They were distributed as open source",{"en":120,"jp":121},"The article says the three executables were distributed still bearing developer AVB Disc Soft's valid digital signature, making detection difficult.","記事は3つの実行ファイルが開発元AVB Disc Softの正規な電子署名が付いたまま配布され、検出が困難だったと述べている。",[99],{"id":124,"articleId":6,"question":125,"options":128,"correctLabel":84,"explanation":141,"tags":144},"news-tech-daemon-tools-supply-chain-attack-2026-quiz-q03",{"en":126,"jp":127},"Which best matches the article's description of the second-stage malware delivery?","第二段階のマルウェア配信について記事の説明と最も合うものはどれか。",[129,132,135,138],{"label":80,"jp":130,"en":131},"100か国超で広く展開された","Broadly deployed in over 100 countries",{"label":84,"jp":133,"en":134},"10台程度の特定組織の端末に限定された","Limited to about 10 devices at specific organizations",{"label":88,"jp":136,"en":137},"全く配信されなかった","Was not delivered at all",{"label":92,"jp":139,"en":140},"個人ユーザーのみに送られた","Sent only to individual users",{"en":142,"jp":143},"The article says infections themselves reached thousands across 100+ countries, but the second-stage payload was deployed to only about 10 devices at specific organizations in retail, scientific, manufacturing, and government sectors.","記事は感染自体は100か国超・数千件に達したが、第二段階のペイロードは小売・科学・製造・政府機関など特定組織の10台程度にしか展開されなかったとしている。",[99],{"id":146,"articleId":6,"question":147,"options":150,"correctLabel":84,"explanation":163,"tags":166},"news-tech-daemon-tools-supply-chain-attack-2026-quiz-q04",{"en":148,"jp":149},"What is the closest meaning of 'kaizan' (改竄)?","「改竄」（かいざん）の意味として最も近いものはどれか。",[151,154,157,160],{"label":80,"jp":152,"en":153},"改善・向上","Improvement",{"label":84,"jp":155,"en":156},"正規の情報や物に手を加えて勝手に書き換えること","Unauthorized alteration of legitimate information or objects",{"label":88,"jp":158,"en":159},"公開すること","Public disclosure",{"label":92,"jp":161,"en":162},"翻訳すること","Translation",{"en":164,"jp":165},"'Kaizan' refers to unauthorized modification or rewriting of data, documents, software, etc. — a frequent term in cybersecurity reporting.","「改竄」はデータ・文書・ソフトウェアなどに勝手に手を加えて書き換える行為を指し、サイバーセキュリティ報道で頻出する用語。",[167],"vocabulary",{"id":169,"articleId":6,"question":170,"options":173,"correctLabel":84,"explanation":186,"tags":189},"news-tech-daemon-tools-supply-chain-attack-2026-quiz-q05",{"en":171,"jp":172},"What kind of group did Kaspersky reportedly link the attack to?","Kasperskyが攻撃を関連付けたとされるのはどのようなグループか。",[174,177,180,183],{"label":80,"jp":175,"en":176},"ロシア政府の公式機関","An official Russian government agency",{"label":84,"jp":178,"en":179},"中国語を話す攻撃グループ","A Chinese-language-speaking attack group",{"label":88,"jp":181,"en":182},"北朝鮮国営企業","A North Korean state enterprise",{"label":92,"jp":184,"en":185},"オープンソース開発者コミュニティ","An open-source developer community",{"en":187,"jp":188},"The article says Kaspersky links the attack to a Chinese-language-speaking attack group based on malware analysis, but specific state ties and organization names have not been publicly disclosed.","記事はKasperskyがマルウェアの解析結果から今回の攻撃を中国語を話す攻撃グループに関連付けているとしているが、具体的な国家との結び付きや組織名までは公表されていないと述べている。",[99]]