CrowdStrike, working with Google and Shadowserver, a nonprofit organization that scans and monitors the internet for cyberattacks, took down a botnet that cybercriminals used to push malware and steal passwords from open-source software developers.
The takedown operation had the goal of disrupting the activities of the cybercriminals behind the so-called Glassworm botnet, who have been targeting the broader open source software supply chain for two years, according to CrowdStrike.
In recent months, several hacking groups have targeted developers and open source projects to push malicious software to companies and organizations who in turn use that software. These attacks can be effective because they exploit the trust that companies put into code that’s hosted on platforms like GitHub, and the workers behind that code.
“Adversaries are no longer just targeting products, they’re targeting the developers who build them,” CrowdStrike wrote in its report about the takedown operation. “Developers represent uniquely high-value targets: compromising a single developer’s workstation can cascade into a supply-chain compromise that impacts thousands of downstream organizations and users.”
The Glassworm hackers used several strategies to push out their malicious code. This included publishing malicious extensions on a marketplace used by developers; by malvertising — where hackers pay for sponsored search results that trick victims into downloading malware; and using credentials stolen in previous hacks, which allowed the hijacking of developer accounts and the planting of malware in their code.
In the end, the hackers were able to poison — as CrowdStrike put it — more than 300 GitHub code repositories.
Contact Us
Do you have more information about the Glassworm hacking group? Or about other supply chain attacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email.
CrowdStrike said it was able to takedown four comma …