On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal
March 24, 2022
A 16-year-old from Oxford has been accused of being one of the leaders of cyber-crime gang Lapsus$. The teenager, who is alleged to have amassed a $14m (£10.6m) fortune from hacking, has been named by rival hackers and researchers. City of London Police say they have arrested seven teenagers in relation to the gang but will not ...
- Lockbit wins ransomware speed test, encrypts 25,000 files per minute
March 23, 2022
Ransomware moves more quickly than most organizations can respond. Though knowing they have a specific limited window should help inform where to put their defenses, according to security data shop Splunk. The vendor’s research team Surge today published research on how long it takes 10 of the big ransomware families including Lockbit, Conti, and REvil to ...
- Italy’s state railway may have been target of cyber attack
March 23, 2022
Italian railway company Ferrovie dello Stato Italiane (FS) said on Wednesday it had temporarily halted some ticket sale services as it feared they had been targeted by a cyber attack. “Since this morning, elements that could be linked to a cryptolocker infection have been detected on the computer network of Trenitalia and RFI,” the company said ...
- Microsoft confirms it was breached by hacker group
March 23, 2022
Microsoft has confirmed it was breached by the hacker group Lapsus$, adding to the cyber gang’s growing list of victims. In a blog post late Tuesday, Microsoft said Lapsus$ had compromised one of its accounts, resulting in “limited access” to company systems but not the data of any Microsoft customers.” Our cybersecurity response teams quickly engaged to ...
- Corrupted open-source software enters the Russian battlefield
March 22, 2022
It started as an innocent protest. Npm, JavaScript’s package manager maintainer RIAEvangelist, Brandon Nozaki Miller, wrote and published an open-code npm source-code package called peacenotwar. It did little except add a protest message against Russia’s invasion of Ukraine. But then, it took a darker turn: It began destroying computers’ file systems. To be exact, Miller added ...
- More Conti ransomware source code leaked on Twitter out of revenge
March 20, 2022
A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals siding with Russia on the invasion of Ukraine. Conti is an elite ransomware gang run by Russian-based threat actors. With their involvement in developing numerous malware families, it is considered one of the most active cybercrime ...