Skip to main content

GitHub Developers Hit in Complex Supply Chain Cyberattack

posted onMarch 25, 2024
by l33tdawg
Dark Reading
Credit: Dark Reading

n unidentified group of threat actors orchestrated a sophisticated supply chain cyberattack on members of the Top.gg GitHub organization as well as individual developers in order to inject malicious code into the code ecosystem.

The attackers infiltrated trusted software development elements to compromise developers. They hijacked GitHub accounts with stolen cookies, contributed malicious code via verified commits, established a counterfeit Python mirror, and released tainted packages on the PyPi registry.

"Multiple TTPs help attackers create sophisticated attacks, evade detection, increase the chances of successful exploitation, and complicate defense efforts," says Jossef Harush Kadouri, head of software supply chain security at Checkmarx.

Source

Tags

Industry News Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th