GitHub Warns Devs of North Korean Attacks

GitHub has warned of a new North Korean threat campaign designed to compromise victims via malicious npm package dependencies.

The development platform claimed in a blog post earlier this week that the attacks targeted employees in the blockchain, cryptocurrency, online gambling and cybersecurity sectors.

Attacks start with the threat actors impersonating a developer or recruiter with a fake GitHub, LinkedIn, Slack or Telegram profile, according to Alexis Wales, VP of GitHub security operations. In some cases, the attacker may hijack legitimate accounts.

They then initiate contact with the target and attempt to move the conversation to another platform.

“After establishing contact with a target, the threat actor invites the target to collaborate on a GitHub repository and convinces the target to clone and execute its contents,” Wales explained.

“The GitHub repository may be public or private. The GitHub repository contains software that includes malicious npm dependencies. Some software themes used by the threat actor include media players and cryptocurrency trading tools.”

These malicious dependencies act as first-stage malware designed to download a second-stage threat to the victim’s machine, although it’s unclear exactly what this is.

“The threat actor often publishes their malicious packages only when they extend a fraudulent repository invitation, minimizing the exposure of the new malicious package to scrutiny,” said Wales.

“In some cases, the actor may deliver the malicious software directly on a messaging or file sharing platform, bypassing the repository invitation/clone step.”

GitHub claimed with “high confidence” that attackers belong to the North Korean group known as “Jade Sleet” by Microsoft Threat Intelligence and “TraderTraitor” by the US Cybersecurity and Infrastructure Security Agency (CISA).

In related news, an attack on SSO vendor JumpCloud at the end of June has also been attributed to North Korea, according to SentinelOne.

Image credit: Piotr Swat / Shutterstock.com

Source link

GitHub Warns Devs of North Korean Attacks

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)

Related Post

VMWARE

Configuration Templates