
"Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical infrastructure-adjacent organizations in the U.S. and Allied nations, according to Socket."
""A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft," researchers Nicholas Anderson and Kirill Boychenko said. The names of the packages are listed below: adril7123, ardril712, arrdril712, androidvoues, assetslush, axerification, erification, erificatsion, errification, eruification, hgfiuythdjfhgff
A sustained, targeted spear-phishing operation uploaded 27 npm packages from six publisher aliases to the npm registry to facilitate credential theft. The packages hosted client-side HTML and JavaScript lures delivered via package CDNs that impersonated document-sharing portals and Microsoft sign-in pages. Victims were redirected to Microsoft sign-in with their email addresses pre-filled to harvest credentials. The campaign primarily targeted sales and commercial personnel at critical infrastructure-adjacent organizations in the U.S. and allied nations, affecting 25 organizations across manufacturing, industrial automation, plastics, and healthcare. Abuse of package CDNs provided resilient hosting that resists takedowns and enabled quick alias and package-name rotation.
Read at The Hacker News
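A defender-side triage of web proxy records for the delivery pattern summarized above, as an added example that is not code from Socket or The Hacker News. The CDN hostnames, the record fields (`user`, `url`, `content_type`) and the sample records are assumptions made for illustration; the page does not name the CDNs involved.

```python
from urllib.parse import urlsplit

# Package names exactly as listed on this page (it shows only part of the 27).
LISTED = {"adril7123", "ardril712", "arrdril712", "androidvoues", "assetslush",
          "axerification", "erification", "erificatsion", "errification",
          "eruification", "hgfiuythdjfhgff"}
# Assumption: two public npm package CDNs and their URL path prefixes.
CDN_PREFIX = {"unpkg.com": "/", "cdn.jsdelivr.net": "/npm/"}

def package_from_url(url):
    """Return the npm package a CDN URL points into, or None for other URLs."""
    parts = urlsplit(url)
    prefix = CDN_PREFIX.get((parts.hostname or "").lower())
    if prefix is None or not parts.path.startswith(prefix):
        return None
    segs = parts.path[len(prefix):].split("/")
    if segs[0].startswith("@") and len(segs) > 1:   # scoped: @scope/name@version
        return segs[0] + "/" + segs[1].split("@")[0]
    return segs[0].split("@")[0] or None            # unscoped: name@version

def triage(records):
    """Flag records where a package CDN served a listed package or an HTML page."""
    findings = []
    for rec in records:
        pkg = package_from_url(rec["url"])
        if pkg is None:
            continue
        path = urlsplit(rec["url"]).path.lower()
        ctype = rec["content_type"].split(";")[0].strip().lower()
        if pkg in LISTED:
            findings.append((rec["user"], pkg, "listed-package"))
        elif ctype == "text/html" or path.endswith((".html", ".htm")):
            findings.append((rec["user"], pkg, "html-from-package-cdn"))
    return findings

# Constructed sample records (not real traffic; versions and users are made up).
SAMPLE = [
    {"user": "u1", "url": "https://unpkg.com/erification@1.0.0/index.html",
     "content_type": "text/html"},
    {"user": "u2", "url": "https://cdn.jsdelivr.net/npm/lodash@4.17.21/lodash.min.js",
     "content_type": "application/javascript"},
    {"user": "u3", "url": "https://unpkg.com/example-pkg@2.0.0/portal.html",
     "content_type": "text/html; charset=utf-8"},
    {"user": "u4", "url": "https://example.com/npm/erification/index.html",
     "content_type": "text/html"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The second rule is a hunting signal, not a verdict: script and stylesheet loads from package CDNs are routine, while a full HTML page opened from one is unusual enough to review.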