Software Supply Chain Threat Landscape July 2024: PyPI, NPM, GitHub and macOS
The software supply chain is a large and easy target for threat actors because so many organizations rely on open-source software packages. In July 2024 there were several supply chain attacks by both nation-state sponsored threat actors and organized cybercriminal groups.
Among nation-state sponsored attacks, North Korean threat actors were found targeting developers with multiple npm packages. Separately, an Iraq-based cybercriminal group used malicious PyPI packages to distribute malware as part of an extensive underground operation.
In another attack, StackExchange and PyPI were abused for cryptocurrency theft, and macOS developers using Google Cloud Platform were targeted by a stealthy malware campaign delivered through the supply chain. Most of these attacks were tied to open-source ecosystems.
Attack Vector Analysis
Crypto Wallet Draining via StackExchange Abuse
This attack involved multiple malicious Python packages, of which “spl-types” was one of the notable PyPI packages used. It was uploaded at the end …
IoC