
CrowdStrike, working with Google and Shadowserver, took down a botnet used to push malware and steal passwords from open-source software developers. The operation targeted the Glassworm botnet, which had been attacking the open-source software supply chain for about two years. Recent attacks increasingly focus on developers and open-source projects to deliver malicious software to downstream organizations that rely on that code. These attacks exploit trust in code hosted on platforms such as GitHub. Glassworm used malicious marketplace extensions, malvertising via sponsored search results, and previously stolen credentials to hijack developer accounts and insert malware. The campaign poisoned more than 300 GitHub repositories.
"CrowdStrike, working with Google and Shadowserver, a nonprofit organization that scans and monitors the internet for cyberattacks, took down a botnet that cybercriminals used to push malware and steal passwords from open-source software developers."
"“Adversaries are no longer just targeting products, they're targeting the developers who build them,” CrowdStrike wrote in its report about the takedown operation. “Developers represent uniquely high-value targets: compromising a single developer's workstation can cascade into a supply-chain compromise that impacts thousands of downstream organizations and users.”"
"The Glassworm hackers used several strategies to push out their malicious code. This included publishing malicious extensions on a marketplace used by developers; by malvertising - where hackers pay for sponsored search results that trick victims into downloading malware; and using credentials stolen in previous hacks, which allowed the hijacking of developer accounts and the planting of malware in their code."
"In the end, the hackers were able to poison - as CrowdStrike put it - more than 300 GitHub code repositories."
Read at TechCrunch