Massive Digital Supply Chain Attack Uncovered, Millions of Websites at Risk

Alexis Rowe

October 21, 2024

A little-known company, FUNNULL, has been found to be behind one of the largest digital supply chain attacks of the year, redirecting millions of internet users to a network of copycat gambling sites. The attack was carried out by exploiting a popular open-source JavaScript library, Polyfill.io, which was acquired by FUNNULL earlier this year.

According to security researchers at Sansec and Silent Push, FUNNULL used its control of Polyfill.io to inject malware and redirect website visitors to a network of thousands of Chinese-language gambling sites, impersonating well-known brands such as Sands, Bet365, and Bwin. The goal of the attack appears to be monetization, but the potential for more dangerous attacks, such as installing ransomware or spyware, is a major concern.

The attack highlights the vulnerability of the web's complex global network, where third-party tools and libraries can be exploited by malicious actors. The incident serves as a warning to the tech and startup community to be vigilant about the security of their online assets and to take proactive measures to prevent such attacks in the future.

Copyright © 2023 Starfolk. All rights reserved.