Source URL: https://it.slashdot.org/story/24/12/13/2220211/yearlong-supply-chain-attack-targeting-security-pros-steals-390000-credentials?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Yearlong Supply-Chain Attack Targeting Security Pros Steals 390,000 Credentials
Feedly Summary:
AI Summary and Description: Yes
Summary: The text discusses a sophisticated supply-chain attack targeting security personnel through Trojanized open-source software, revealing significant vulnerabilities in software distribution methods. This ongoing campaign is notable for its multi-faceted approach, including the collection of sensitive credentials and the installation of cryptomining software, underscoring the critical need for improved security measures in open-source environments.
Detailed Description: The report highlights a sophisticated, ongoing supply-chain attack that has affected security personnel for over a year, primarily through Trojanized versions of widely used open-source software distributed via platforms such as GitHub and NPM. The key elements of the attack are:
– **Targeted Individuals**: The attackers have focused on security personnel on both sides, malicious actors and legitimate researchers alike, by infiltrating their devices with Trojanized software.
– **Delivery Mechanisms**:
  – The campaign leverages open-source repositories, distributing Trojanized packages that have been available for over a year.
  – The attackers have also used spear-phishing against researchers who publish on the arXiv platform.
– **Malicious Objectives**: The threat actors aim to collect critical information from infected devices:
  – SSH private keys
  – Amazon Web Services access keys
  – Command histories
  – Other sensitive data, with exfiltration occurring every 12 hours.
– **Impact**: At the time of reporting, dozens of machines were still infected. A Dropbox account linked to the attackers contained approximately 390,000 stolen credentials for WordPress websites, likely obtained from fellow malicious actors.
– **Malware Functionality**: In addition to credential theft, the malware installs cryptomining software on infected devices, affecting at least 68 machines as of last month.
– **Threat Attribution**: The research teams, including Checkmarx and Datadog Security Labs, have designated the threat actor as MUT-1244, a name reflecting that the group is mysterious and unattributed.
This incident underlines the vulnerabilities associated with open-source software and the critical need for stringent security protocols in software development and distribution. The attack also emphasizes the importance of awareness and caution among security professionals, particularly regarding software supply-chain security and defenses against social engineering.