Techly NewsGet the app

Get the latest tech news

Yearlong Supply-Chain Attack Targeting Security Pros Steals 390,000 Credentials


An anonymous reader quotes a report from Ars Technica: A sophisticated and ongoing supply-chain attack operating for the past year has been stealing sensitive login credentials from both malicious and benevolent security personnel by infecting them with Trojanized versions of open source software fr...

An anonymous reader quotes a report from Ars Technica: A sophisticated and ongoing supply-chain attack operating for the past year has been stealing sensitive login credentials from both malicious and benevolent security personnel by infecting them with Trojanized versions of open source software from GitHub and NPM, researchers said. The unknown threat actors behind the campaign have also employed spear phishing that targets thousands of researchers who publish papers on the arXiv platform. When this post went live, dozens of machines remained infected, and an online account on Dropbox contained some 390,000 credentials for WordPress websites taken by the attackers, most likely by stealing them from fellow malicious threat actors.

Get the Android app

Or read this on Slashdot

Read more on:

Photo of credentials

credentials

Photo of chain attack

chain attack

Photo of security pros

security pros

Related news:

News photo

Yearlong supply-chain attack targeting security pros steals 390K credentials

News photo

Adobe Results Seen as ‘Make-or-Break’ to Prove AI Credentials

News photo

Chinese hackers exploit Fortinet VPN zero-day to steal credentials

« Energy-Harvesting Electronic Holiday Card 2024
Structure-Based Search of the Entire AlphaFold Protein Structure Database »