Lazarus Group's latest heist hits hundreds globally
Briefly

The Lazarus Group, a North Korean cyber-espionage unit, executed a major supply chain attack known as Phantom Circuit, targeting the cryptocurrency industry. This operation involved modifying legitimate software repositories and inserting malicious backdoors, primarily aimed at developers, leading to compromised systems. Security researchers reported that this ongoing campaign began with 181 victims in Europe and expanded to over a thousand, including significant numbers in India and Brazil. Stolen data ranged from credentials to sensitive system information, highlighting the risks in open-source software usage.
These are examples of code repos they host on GitLab, for example, which are clones of legit software, and they embed into Node.js an obfuscated backdoor.
The scary thing is that these developers will clone this code from git directly onto corporate laptops; we have seen this directly with two devs already.
Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing as of earlier this month.
The campaign unfolded in multiple waves, according to SecurityScorecard researchers, who spotted the supply chain attack and disclosed it in research.
Read at The Register