CrowdStrike, in collaboration with Google and Shadowserver, has dismantled a botnet known as Glassworm, which targeted open-source software developers. Over the past two years, this network deployed malware through developer accounts and code distribution channels to steal passwords and compromise over 300 GitHub repositories. The attackers used methods such as publishing malicious plugins, purchasing search ads to lure downloads, and taking over developer accounts with stolen credentials.
The operation severed four command-and-control channels, including those using the Solana blockchain and BitTorrent network, reducing the attackers' ability to deploy additional malware. This action comes amid a rise in supply chain attacks on open-source projects, with recent incidents affecting developers and projects globally. The report also noted a similar attack in March linked to North Korean hackers, underscoring the increasing focus on developer accounts as prime targets.
CrowdStrike and Google Dismantle Developer-Targeting Botnet
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.