Cybercriminal group TeamPCP has escalated software supply chain attacks, compromising hundreds of open source tools weekly. Their latest target, GitHub, claims 3,800 repositories were affected. The group uses malware to steal credentials, enabling further compromises and data extortion.
Cybercriminal group TeamPCP has escalated software supply chain attacks, corrupting hundreds of open source tools and breaching companies like GitHub and OpenAI. Their methods involve infecting code, stealing credentials, and using self-spreading worms, leading to widespread distrust in the open source ecosystem.
Cybersecurity firms StepSecurity and SafeDep warn of a new wave of "supply chain" attacks targeting open source projects. Hackers compromised developer accounts to push malicious updates, aiming to steal credentials and spread malware. The campaign, dubbed "Mini Shai-Hulud," has affected packages like Alibaba's Antv.
OpenAI's internal development environment was breached by hackers using compromised TanStack npm package, affecting employee devices and limited code repositories, but no customer data or production systems were compromised.
Checkmarx, a security firm, has suffered a devastating series of breaches over 40 days. It was first compromised through a supply-chain attack on the Trivy vulnerability scanner on March 19, with attackers pushing malware that stole credentials. Checkmarx's own GitHub account was then breached on March 23, pushing malware to its users. Despite remediation, a new malware wave appeared April 22. The Lapsu$ ransomware group subsequently dumped stolen data on the dark web on March 30, originating from Checkmarx's GitHub repositories. Another security firm, Bitwarden, was also affected in the same Trivy supply-chain attack.
A supply chain attack compromised element-data, an open source CLI for monitoring ML systems. Attackers exploited a vulnerability in a GitHub action to steal developer account tokens and signing keys, then published malicious version 0.23.3 that scraped credentials from infected systems. The package was removed within 12 hours, but users who installed it should assume credentials were exposed and rotate all sensitive access keys immediately.
CertiK has urged crypto users not to overlook basic security practices as major crypto hacks spiked in April.
