Malicious NuGet packages drop disruptive ‘time bombs’

Malicious packages on NuGet contain sabotage payloads scheduled to activate in 2027 and 2028, targeting databases and Siemens S7 PLCs. The packages use probabilistic triggers to execute harmful actions, potentially disrupting industrial operations and compromising data integrity.

Key points

  • Researchers identified nine malicious NuGet packages with sabotage payloads under the developer shanhai666.
  • The packages target major .NET database providers and Siemens S7 PLC communication via the Sharp7 library.
  • Malicious code is embedded within legitimate functions, enabling hidden execution during database or PLC operations.
  • The sabotage activates probabilistically between August 2027 and November 2028, with a 20% chance to terminate processes or corrupt PLC writes.
  • Organizations should audit for these packages and verify PLC operations to prevent potential industrial disruptions.
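
One way to run the audit recommended above, as an added example that is not from the article or the researchers: scan a local NuGet package folder and flag any package whose .nuspec metadata names a watched publisher. It assumes the `authors` or `owners` field carries the developer name; the package ids and sample metadata below are constructed placeholders.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

WATCHED_PUBLISHERS = {"shanhai666"}  # developer name given in the article

def read_nuspec(path):
    """Return id, version, authors and owners from one .nuspec file."""
    meta = {}
    for el in ET.parse(str(path)).getroot().iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop namespace; schema versions vary
        if name in ("id", "version", "authors", "owners") and name not in meta:
            meta[name] = (el.text or "").strip()
    return meta

def audit(packages_root, watched=WATCHED_PUBLISHERS):
    """Walk a NuGet package folder and list packages by a watched publisher."""
    hits = []
    for nuspec in sorted(Path(packages_root).rglob("*.nuspec")):
        try:
            meta = read_nuspec(nuspec)
        except ET.ParseError:
            continue  # unreadable metadata: not flagged here, review by hand
        names = {n.strip().lower()
                 for field in ("authors", "owners")
                 for n in meta.get(field, "").split(",")}
        if names & watched:
            hits.append((meta.get("id", "?"), meta.get("version", "?")))
    return hits

SAMPLE = {  # constructed metadata; package ids are placeholders
    "example.placeholder.db/1.0.0/example.placeholder.db.nuspec":
        '<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">'
        "<metadata><id>Example.Placeholder.Db</id><version>1.0.0</version>"
        "<authors>Shanhai666</authors></metadata></package>",
    "example.benign/2.1.0/example.benign.nuspec":
        "<package><metadata><id>Example.Benign</id><version>2.1.0</version>"
        "<authors>Some Author, Another Author</authors></metadata></package>",
}

def demo():
    """Write the constructed sample to a temp folder and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, xml in SAMPLE.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True)
            target.write_text(xml, encoding="utf-8")
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

Point `audit()` at the global packages folder (by default `~/.nuget/packages`) or at a build agent's restore directory.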

Read More: https://www.bleepingcomputer.com/news/security/malicious-nuget-packages-drop-disruptive-time-bombs/