Yearlong supply-chain attack targeting security pros steals 390K credentials


Multifaceted, high-precision campaign targets malicious and benevolent hackers alike.

A sophisticated and ongoing supply-chain attack operating for the past year has been stealing sensitive login credentials from both malicious and benevolent security personnel by infecting them with Trojanized versions of open source software from GitHub and NPM, researchers said. When this post went live, dozens of machines remained infected, and an online account on Dropbox contained some 390,000 credentials for WordPress websites taken by the attackers, most likely by stealing them from fellow malicious threat actors.

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.

