Handout A: Supply Chain Evidence
Captured from EDR console and vendor update manifest review 30 minutes after initial alert escalation at BioGenix Solutions.
CaliSyncPro Update Manifest, Certificate Chain, and Process Tree
CaliSyncPro Update Manifest -- v4.2.1
Vendor: CaliSync Instrumentation GmbH
Release Date: 2026-03-04
SHA256: a8f3b2c7d1e04f5a9b6c2d8e3f7a1b4c
Signed By: CaliSync Instrumentation GmbH
Certificate SN: 4A9F02B1
OCSP Status: NOT CHECKED (trusted vendor exception applied)
CRL Status: NOT CHECKED (trusted vendor exception applied)
---
Code-Signing Certificate
Subject: CN=CaliSync Instrumentation GmbH, O=CaliSync GmbH, C=DE
Issuer: CN=CaliSync Internal CA
Valid From: 2024-09-01T00:00:00Z
Valid To: 2026-09-01T00:00:00Z
Revocation Check: SKIPPED -- trusted vendor exception policy
---
Process Tree -- BIOGEN-RD-WS-01 (2026-03-09 22:14:07 UTC)
calibsvc.exe (PID 3241)
  svchost.exe (PID 4892)
    powershell.exe -encodedCommand JABjAD0AbgBlAHcALQBvAGIAagBlAGMAdA... (PID 5107)
      net.exe user svc-rdbridge-admin /domain (PID 5224)
Same pattern: BIOGEN-RD-WS-02 at 22:17:03 UTC, BIOGEN-RD-WS-03 at 22:19:41 UTC
---
Azure AD Sign-In Log
Timestamp: 2026-03-09 22:20:18 UTC
Account: svc-rdbridge-admin
Source IP: 198.51.100.201 (HANSEN-SAP-01 on-premise range)
Risk Level: HIGH
Conditional Access: BYPASSED (legacy auth exception COLLBRIDGE-EXCL-003)
IM NOTES (Do Not Show to Players):
- OCSP and CRL checks were skipped under the trusted vendor exception – this is the root policy gap enabling the supply chain attack.
- The PowerShell encoded command and net.exe domain query indicate credential harvesting as the immediate follow-on to calibration service process hijack.
- All 3 workstations show the identical process chain pattern, confirming a weaponized update rather than a workstation-specific anomaly.
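Facilitator aid (an added example, not part of the original handout or any BioGenix tooling): one way to express the "identical process chain on multiple hosts" finding as detection logic. The event tuples, the PIDs for WS-02 and WS-03, the CONSTRUCTED-WS-99 host and all function names are assumptions made for illustration.

```python
# Constructed process-creation events modelled on the handout's process tree.
CMDS = ["calibsvc.exe", "svchost.exe", "powershell.exe -encodedCommand <elided>",
        "net.exe user svc-rdbridge-admin /domain"]

def chain_events(host, pids):
    """Constructed (host, pid, ppid, cmdline) events for the four-process chain."""
    return [(host, pid, ([0] + pids)[i], CMDS[i]) for i, pid in enumerate(pids)]

EVENTS = (chain_events("BIOGEN-RD-WS-01", [3241, 4892, 5107, 5224])    # PIDs from the handout
          + chain_events("BIOGEN-RD-WS-02", [1001, 1002, 1003, 1004])  # constructed PIDs
          + chain_events("BIOGEN-RD-WS-03", [2001, 2002, 2003, 2004])  # constructed PIDs
          + [("CONSTRUCTED-WS-99", 10, 0, "explorer.exe"),             # constructed benign host
             ("CONSTRUCTED-WS-99", 11, 10, "powershell.exe -NoProfile"),
             ("CONSTRUCTED-WS-99", 12, 11, "net.exe user /domain")])

def image(cmd):
    return cmd.split()[0].lower()

def has_encoded_flag(cmd):
    """True if a switch is a prefix of -EncodedCommand (PowerShell accepts -e, -enc, -ec ...)."""
    flags = [t[1:].lower() for t in cmd.split()[1:] if t.startswith("-")]
    return any(f and ("encodedcommand".startswith(f) or f == "ec") for f in flags)

def lineage(procs, pid):
    """Image names from the root ancestor down to pid, following ppid links."""
    out, seen = [], set()
    while pid in procs and pid not in seen:   # seen guards against PID loops
        seen.add(pid)
        out.append(image(procs[pid][1]))
        pid = procs[pid][0]
    return tuple(reversed(out))

def flag_hosts(events, root="calibsvc.exe"):
    """{host: lineage} where encoded PowerShell under `root` spawns a net.exe /domain query."""
    hosts, hits = {}, {}
    for host, pid, ppid, cmd in events:
        hosts.setdefault(host, {})[pid] = (ppid, cmd)
    for host, procs in hosts.items():
        for pid, (ppid, cmd) in procs.items():
            parent, chain = procs.get(ppid, (0, "none"))[1], lineage(procs, pid)
            if (image(cmd) == "net.exe" and "/domain" in cmd.lower() and root in chain
                    and image(parent) == "powershell.exe" and has_encoded_flag(parent)):
                hits[host] = chain
    return hits

def shared_chains(hits):
    """Flagged hosts grouped by identical lineage; more than one host points at a common source."""
    chains = list(hits.values())
    return {c: sorted(h for h in hits if hits[h] == c) for c in set(chains) if chains.count(c) > 1}
```

Only the three BIOGEN hosts are flagged and they share one lineage; the constructed benign host runs the same net.exe query but without an encoded PowerShell parent under calibsvc.exe.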
IM Facilitation Notes
- Release when participants ask for technical evidence of the initial compromise or the CaliSyncPro update details.
- Use this handout to drive discussion on supply chain trust policy and the gap between vendor trust and certificate validation.