Axios open-source library targeted in sophisticated supply chain attack
Briefly

"The malicious dependency is an obfuscated dropper that deploys a backdoor called Waveshaper.v2 across Windows, Linux and Mac environments. Researchers from Google Threat Intelligence Group track the attacker under the name UNC1069, an adversary that has been active since at least 2018."
"North Korean hackers have deep experience with supply chain attacks, which they've historically used to steal cryptocurrency. The full breadth of this incident is still unclear, but, given the popularity of this compromised package, we expect it will have far-reaching impacts."
"Researchers at Step Security, which initially detected the incident, said the attack was a deliberate and planned compromise, in which the malicious dependency was staged 18 hours in advance, with threat activity beginning on Monday."
A major supply chain attack on the axios JavaScript library has been attributed to a North Korean threat actor. The attacker compromised a maintainer's npm (node package manager) account and used it to introduce a malicious dependency named plain-crypto-js. Although the malicious versions were removed quickly, the widespread use of axios put many users at risk. The backdoor, Waveshaper.v2, affects Windows, Linux, and Mac environments. Researchers indicate that this incident reflects the ongoing threat posed by North Korean hackers, who have a history of supply chain attacks aimed at stealing cryptocurrency.
Read at www.cybersecuritydive.com
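
To check whether a project resolved the dependency named above, here is an added example (not code from the article or from the axios project) that searches a parsed npm lockfile for `plain-crypto-js` in both the flat `packages` layout and the older nested `dependencies` layout. The function name, the sample lockfiles and the `0.0.0-example` versions are constructed for illustration.

```javascript
// Added example: locate a named package in a parsed package-lock.json.
const SUSPECT = "plain-crypto-js"; // dependency name reported in the article
const has = (obj, key) => !!obj && Object.prototype.hasOwnProperty.call(obj, key);

function findPackage(lock, name = SUSPECT) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // "node_modules/a/node_modules/b" installs "b"; the root entry has key "".
    if (path.split("node_modules/").pop() === name) {
      hits.push({ kind: "installed", where: path, version: meta.version || null });
    }
    for (const field of ["dependencies", "optionalDependencies", "peerDependencies"]) {
      if (has(meta[field], name)) {
        hits.push({ kind: "declared", where: path || "(root)", version: meta[field][name] });
      }
    }
  }
  // lockfileVersion 1: nested "dependencies" tree. Skipped when "packages"
  // exists, because v2 lockfiles carry both and would report everything twice.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const where = [...trail, dep].join(" > ");
      if (dep === name) hits.push({ kind: "installed", where, version: meta.version || null });
      if (has(meta.requires, name)) {
        hits.push({ kind: "declared", where, version: meta.requires[name] });
      }
      walk(meta.dependencies, [...trail, dep]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles; versions are placeholders, not real releases.
const V = "0.0.0-example";
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", dependencies: { axios: V } },
  "node_modules/axios": { version: V, dependencies: { [SUSPECT]: V } },
  "node_modules/plain-crypto-js": { version: V },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  axios: { version: V, requires: { [SUSPECT]: V },
           dependencies: { [SUSPECT]: { version: V } } },
} };
const cleanLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", dependencies: { axios: V } },
  "node_modules/axios": { version: V },
} };
```

Pass it `JSON.parse` of a project's `package-lock.json`; a `declared` hit shows which package pulled the dependency in, and an `installed` hit shows where it would be placed on disk.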