On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used similar techniques with the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- N3TW0RM ransomware emerges in wave of cyberattacks in Israel
May 3, 2021
A new ransomware gang known as ‘N3TW0RM’ is targeting Israeli companies in a wave of cyberattacks starting last week. Israeli media Haaretz reported that at least four Israeli companies and one nonprofit organization had been successfully breached in this wave of attacks. Read more… Source: Bleeping Computer
- San Diego: Scripps Health Cyberattack Causes Widespread Hospital Outages
May 3, 2021
Scripps Health, a hospital network based in San Diego, was hit by a cyberattack over the weekend, forcing some critical-care patients to be diverted, according to the San Diego Union-Tribune. Scripps acknowledged the attack in a statement but didn’t specify whether it was a ransomware incident. It’s also unknown whether the adversaries compromised any patient records ...
- New Buer Malware Downloader Rewritten in E-Z Rust Language
May 3, 2021
A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks. Using the increasingly popular, efficient and easy-to-use Rust programming language will ...
- Ransomware Task Force: Ransomware is now a National Security risk
April 30, 2021
Ransomware is a growing international problem and it needs global cooperation in order to prevent attacks and take the fight to the cyber criminals behind the disruptive malware campaigns. A paper by the Institute for Security and Technology’s (IST) Ransomware Task Force (RTF) – a coalition of cybersecurity companies, government agencies, law enforcement organisations, technology firms, ...
- Babuk quits ransomware encryption, focuses on data-theft extortion
April 30, 2021
A new message today from the operators of Babuk ransomware clarifies that the gang has decided to close the affiliate program and move to an extortion model that does not rely on encrypting victim computers. The explanation comes after yesterday the group posted and deleted two announcements about their plan to close the project and release ...
- UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
April 29, 2021
Mandiant has observed an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability prior to a patch being available and deploying sophisticated malware previously reported by other vendors as SOMBRAT. Mandiant has linked the use of SOMBRAT to the deployment of ransomware, which has not been previously reported publicly. UNC2447 monetizes intrusions by extorting ...