CrowdStrike and Google have taken down a botnet used by hackers to target software developers in supply chain attacks


CrowdStrike, working with Google and Shadowserver, a non-profit organization that monitors the Internet for cyber threats, took down a botnet that cybercriminals used to push malware and steal passwords from open source software developers.

The takedown was intended to disrupt the cybercriminal operation known as the Glassworm botnet, which has been targeting open source software for two years, according to CrowdStrike.

In recent months, several hacking groups have gone after software developers and open source projects to push malicious software to companies and organizations that use the software. These attacks can be effective because they take advantage of the trust companies place in the systems they host on platforms like GitHub, and the employees behind the code.

“The adversaries are no longer just targeting products, they are targeting the developers who make them,” CrowdStrike wrote in its report on the takedown operation. “Developers represent the highest levels of value: disrupting the work environment of one developer can be a risk that affects organizations and thousands of users.”

Glassworm hackers used several methods to distribute their malicious code. These included publishing malicious extensions on marketplaces used by developers; malvertising, where hackers pay for search results that trick people into downloading malware; and using information stolen in previous hacks, which allowed them to take over developer accounts and plant malware in their code.

In the end, hackers were able to poison – as CrowdStrike reported – more than 300 GitHub code repositories.

CrowdStrike said it was able to take down four command-and-control methods used by the Glassworm hackers, which reduced the hackers’ access to infected computers and prevented them from delivering more malware.

The command-and-control channels relied on the Solana blockchain, the BitTorrent peer-to-peer network, Google Calendar, and private servers, according to CrowdStrike.

It is not clear what legal or technical steps CrowdStrike and the others took to carry out the takedown. A CrowdStrike spokesperson did not immediately comment.

Last week, hackers compromised several open source projects to push malicious updates in another hacking campaign called “Mini Shai-Hulud.” An OpenAI developer was also compromised by this group of hackers. In another supply chain attack in March, suspected North Korean hackers compromised the popular Axios open source software, which is used by millions of developers.
