The article discusses SapphireStealer, an open-source information stealer that's been gaining traction in public malware repositories and underground forums, and how attackers are leveraging open-source tooling to customize and evade detection. It also notes d…
Tag: SUPPLY CHAIN
ASEC analyzes Andariel's recent activity in Korea, linking Go-based backdoors such as Innorix Agent abuse, Goat RAT, TigerRat, NukeSped, AndarLoader, and DurianBeacon to past campaigns and possible Lazarus affiliation. The post highlights Go-language malware t…
An npm package named emails-helper was used to deliver encrypted binaries and C2 tooling, exfiltrating developer data and instructing on how to deploy tools like dnscat2, mettle, and Cobalt Strike Beacon. The attack leverages an npm preinstall hook, DNS TXT re…
ReversingLabs discovered a supply-chain campaign on npm where typosquatted packages impersonating the noblox.js Roblox API delivered a multistage payload that installed Luna Grabber. The attack used a malicious postinstall.js to fetch a second-stage script fro…
Scattered Spider (UNC3944, Scatter Swine, Muddled Libra) is a financially motivated threat actor active since May 2022, primarily targeting telecom and BPO sectors and expanding to critical infrastructure. The group relies on social engineering, signed kernel …
Symantec researchers describe Carderbee, a newly named APT group that used the Cobra DocGuard software in a supply chain attack to deploy the Korplug backdoor (PlugX) onto victim machines, primarily in Hong Kong. The operation relies on legitimate software and…
FortiGuard Labs detected malicious PyPI packages in early July and leveraged an AI-powered OSS threats-hunting system to identify threats in near real-time. The campaigns reuse multiple PyPI IDs across two package sets, include encrypted payloads that execute …
Moq versions 4.20.0 and 4.20.1 introduced a new dependency, Devlooped.SponsorLink, which contains an obfuscated DLL that reads a developer's local git email, hashes it, and sends the result to a cloud service during build. The behavior is evasive (checks CI en…
In July 2023, Mandiant Consulting responded to a supply chain compromise affecting a US-based software solutions entity. We believe the compromise ultimately began as a result of a sophisticated spear phishing campaign aimed at JumpCloud, a zero-trust directory platform service used for identity and access management. JumpCloud reported this unauthorized access…
GitHub identified a low-volume social engineering campaign that targets the personal accounts of employees at technology firms, using fake persona accounts on GitHub and other platforms to lure victims into collaborating on a repository. The malicious npm depe…
The article explains how AWS and Checkmarx collaborate to help financial services firms secure cloud-native applications and speed secure development, while emphasizing OSS supply chain risk management. It highlights three trends: customer experience, ecosystem…
ReversingLabs' researchers uncovered more than a dozen malicious npm packages used to power a dual-use campaign that blends phishing against Microsoft 365 users with software supply chain manipulation. Dubbed Operation Brainleeches, the campaign features two d…
Misspelled Python packages on PyPI were used to spread InfoStealers and loaders, with CRIL tracking over 160 malicious packages that accumulated more than 45,000 downloads before removal. The report highlights multiple malware families (Creal Stealer, TIKCOCK …
XeGroup is a long-running threat actor whose re-emergence involves opportunistic operations such as credit-card skimming, fake websites, and data sale on the dark web. The group exploits public-facing applications (notably CVE-2019-18935 on IIS), deploys ASPXS…
Eclypsium reveals a backdoor-like risk in Gigabyte's app center firmware where a Windows native executable is dropped into UEFI and executed at startup, enabling further payloads to be downloaded and run. The disclosure underscores supply-chain and local-envir…