CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks | TechCrunch


CrowdStrike, working with Google and Shadowserver, a nonprofit organization that scans and monitors the internet for cyberattacks, took down a botnet that cybercriminals used to push malware and steal passwords from open-source software developers.

The takedown operation had the goal of disrupting the activities of the cybercriminals behind the so-called Glassworm botnet, who have been targeting the broader open source software supply chain for two years, according to CrowdStrike.

In recent months, several hacking groups have targeted developers and open source projects to push malicious software to the companies and organizations that in turn use that software. These attacks can be effective because they exploit the trust that companies place in code hosted on platforms like GitHub, and in the people behind that code.

“Adversaries are no longer just targeting products, they’re targeting the developers who build them,” CrowdStrike wrote in its report about the takedown operation. “Developers represent uniquely high-value targets: compromising a single developer’s workstation can cascade into a supply-chain compromise that affects thousands of downstream organizations and users.”

The Glassworm hackers used several methods to push out their malicious code. These included publishing malicious extensions on a marketplace used by developers; malvertising — where hackers pay for sponsored search results that trick victims into downloading malware; and using credentials stolen in earlier hacks, which allowed them to hijack developer accounts and plant malware in their code.

In the end, the hackers were able to poison — as CrowdStrike put it — more than 300 GitHub code repositories.


CrowdStrike said it was able to take down four command-and-control channels used by the Glassworm hackers, which cut off the hackers’ access to infected computers and stopped them from delivering more malware.

The command-and-control servers relied on the Solana blockchain, the BitTorrent peer-to-peer network, Google Calendar, and virtual private servers, according to CrowdStrike.

It’s not clear what legal or technical authority CrowdStrike and the others operated under to take down the operation. A spokesperson for CrowdStrike did not immediately comment.

Last week, hackers compromised several open source projects that pushed out malicious updates in a different hacking campaign that was dubbed “Mini Shai-Hulud.” An OpenAI developer was compromised by this group of hackers. In another supply chain attack in March, a suspected North Korean hacker hijacked the popular open source software development tool Axios, which is used by millions of developers.
