A threat actor dubbed "RED-LILI" has been linked to an ongoing, large-scale supply chain attack campaign targeting the NPM package repository, in which nearly 800 malicious modules have been published. According to a detailed analysis of RED-LILI's modus operandi, the earliest evidence of anomalous activity is said to have occurred on February 23, 2022, with the cluster of malicious packages published in "bursts" over a span of a week. Specifically, the automation process for uploading the rogue libraries to NPM, which Checkmarx described as a "factory," uses a combination of custom Python code and web testing tools like Selenium to simulate the user actions required to replicate the user creation process in the registry. To get past the one-time password (OTP) verification barrier put in place by NPM, the attacker leverages an open-source tool called Interactsh to extract the OTP sent by NPM servers to the email address provided during sign-up, effectively allowing the account creation request to succeed.
Link
https://checkmarx.com/blog/a-beautiful-factory-for-malicious-packages/