CrowdStrike, working with Google and Shadowserver, a nonprofit group that scans and monitors the internet for cyberattacks, took down a botnet that cybercriminals used to push malware and steal passwords from open-source software developers.
The takedown operation aimed to disrupt the activities of the cybercriminals behind the so-called Glassworm botnet, who have been targeting the broader open source software supply chain for two years, according to CrowdStrike.
In recent months, several hacking groups have targeted developers and open source projects in order to push malicious software to the companies and organizations that in turn use that software. These attacks can be effective because they exploit the trust that companies place in code hosted on platforms like GitHub, and in the people who maintain that code.
"Adversaries are no longer just targeting products, they're targeting the developers who build them," CrowdStrike wrote in its report on the takedown operation. "Developers represent uniquely high-value targets: compromising a single developer's workstation can cascade into a supply-chain compromise that impacts thousands of downstream organizations and users."
The Glassworm hackers used several methods to push out their malicious code. These included publishing malicious extensions on a marketplace used by developers; malvertising, in which hackers pay for sponsored search results that trick victims into downloading malware; and using credentials stolen in earlier breaches, which allowed them to hijack developer accounts and plant malware in those developers' code.
In the end, the hackers were able to poison, as CrowdStrike put it, more than 300 GitHub code repositories.
CrowdStrike said it was able to take down four command-and-control channels used by the Glassworm hackers, which cut off the hackers' access to infected computers and stopped them from delivering more malware.
The command-and-control infrastructure relied on the Solana blockchain, the BitTorrent peer-to-peer network, Google Calendar, and virtual private servers, according to CrowdStrike.
It's not clear under what legal or technical authority CrowdStrike and its partners operated in taking down the operation. A spokesperson for CrowdStrike did not immediately comment.
Last week, hackers compromised several open source projects and pushed out malicious updates in a separate hacking campaign known as "Mini Shai-Hulud." An OpenAI developer was compromised by this group of hackers. In another supply chain attack in March, a suspected North Korean hacker hijacked the popular open source software development tool Axios, which is used by millions of developers.