On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack
September 13, 2023
A new ransomware family calling itself 3AM has emerged. To date, the ransomware has only been used in a limited fashion. Symantec’s Threat Hunter Team, part of Broadcom, has seen it used in a single attack by a ransomware affiliate that attempted to deploy LockBit on a target’s network and then switched to 3AM when ...
- RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware
September 13, 2023
Trend Micro researchers have been observing malware families RedLine and Vidar since the middle of 2022, when both were used by threat actors to target victims via spear-phishing scams. Earlier this year, RedLine targeted the hospitality industry with its info stealer malware. Their latest investigations show that the threat actors behind RedLine and Vidar now ...
- Sri Lanka: Report called over cyberattack on government sites
September 13, 2023
The Ministry of Technology said an investigation was called into the cyberattack that transpired on the 26th of August 2023. The statement added that the cyberattack, which targeted email systems under the ‘gov.lk’ domain, resulted in substantial data loss and a disruption of communications within various state offices. It stated that the ICTA disclosed that this ...
- New MidgeDropper Variant
September 12, 2023
One of the most exciting aspects of malware analysis is coming across a family that is new or rare to the reversing community. Determining the function of the malware, who created it, and the reasons behind it become a mystery to solve. The previously unseen dropper variant FortiGuard Labs researchers recently found, named MidgeDropper, has ...
- Malware distributor Storm-0324 facilitates ransomware access
September 12, 2023
The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool ...
- Kaspersky reveals three-year long suspected supply chain attack targeting Linux
September 12, 2023
UPDATE 13.09.2023. Free Download Manager team issued an official statement regarding this incident. Kaspersky unveiled a malicious campaign in which an installer of the Free Download Manager software was employed to disseminate a Linux backdoor for a minimum of three years. Researchers discovered that victims were infected when they downloaded the software from the official website, ...