CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks - BERITAJA

CrowdStrike, moving pinch Google and Shadowserver, a nonprofit statement that scans and monitors the net for cyberattacks, took down a botnet that cybercriminals utilized to push malware and bargain passwords from open-source package developers.

The takedown operation had the extremity of disrupting the activities of the cybercriminals down the alleged Glassworm botnet, who person been targeting the broader unfastened root package proviso concatenation for 2 years, according to CrowdStrike. 

In caller months, respective hacking groups person targeted developers and unfastened root projects to push malicious package to companies and organizations who successful move usage that software. These attacks could beryllium effective because they utilization the spot that companies put into codification that’s hosted connected platforms for illustration GitHub, and the workers down that code.

“Adversaries are nary longer conscionable targeting products, they’re targeting the developers who build them,” CrowdStrike wrote successful its study about the takedown operation. “Developers correspond uniquely high-value targets: compromising a azygous developer’s workstation could cascade into a supply-chain discuss that impacts thousands of downstream organizations and users.”

The Glassworm hackers utilized respective strategies to push retired their malicious code. This included publishing malicious extensions connected a marketplace utilized by developers; by malvertising — wherever hackers salary for sponsored hunt results that instrumentality victims into downloading malware; and utilizing credentials stolen successful erstwhile hacks, which allowed the hijacking of developer accounts and the planting of malware successful their code. 

In the end, the hackers were capable to poison — arsenic CrowdStrike put it — much than 300 GitHub codification repositories. 

CrowdStrike said it was capable to takedown 4 command-and-control channels utilized by the Glassworm hackers, which trim the hackers’ entree to infected computers and stopped them from delivering much malware.

The command-and-control servers relied connected the Solana blockchain, the BitTorrent peer-to-peer network, Google Calendar, and virtual backstage servers, according to CrowdStrike.

It’s not clear connected what ineligible aliases method authority CrowdStrike and others operated nether to takedown the operation. A spokesperson for CrowdStrike did not instantly comment. 

Last week, hackers compromised respective unfastened root projects that pushed retired malicious updates successful a different hacking run that was called “Mini Shai-Hulud.” An OpenAI developer was compromised by this group of hackers. In different proviso concatenation onslaught successful March, a suspected North Korean hacker hijacked the celebrated unfastened root package improvement instrumentality Axios, which is utilized by millions of developers.