Skip to main content

Japan Blames North Korea for PyPI Supply Chain Cyberattack

posted onMarch 11, 2024
by l33tdawg
Dark Reading
Credit: Dark Reading

Japanese cybersecurity officials warned that North Korea's infamous Lazarus Group hacking team recently waged a supply chain attack targeting the PyPI software repository for Python apps.

Threat actors uploaded tainted packages with names such as "pycryptoenv" and "pycryptoconf" -- similar in name to the legitimate "pycrypto" encryption toolkit for Python. Developers who get tricked into downloading the nefarious packages onto their Windows machines are infected with a dangerous Trojan known as Comebacker.

"The malicious Python packages confirmed this time have been downloaded approximately 300 to 1,200 times," Japan CERT said in a warning issued late last month. "Attackers may be targeting users' typos to have the malware downloaded." Gartner senior director and analyst Dale Gardner describes Comebacker as a general purpose Trojan used for dropping ransomware, stealing credentials, and infiltrating the development pipeline.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th