The Checkmarx Research team recently discovered an attack campaign targeting the software supply chain, with evidence of successful exploitation of multiple victims. These include the Top.gg GitHub organization (a community of over 170k users) and several individual developers. The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom Python mirror, and publishing malicious packages to the PyPI registry. This Checkmarx article covers the attack and the techniques the attackers used.[1]
Link to full report: IR-24-087-001_FakePython.pdf
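One of the TTPs listed above is a custom Python mirror, which only works if a project's dependency files or pip configuration send pip somewhere other than PyPI. The following is an added example (not code from the Checkmarx report or from Top.gg) that scans requirements.txt or pip.conf text for package URLs whose host is not on an assumed allow-list; the sample inputs and the lookalike host names are constructed.

```python
"""Flag dependency files that send pip to a package index or mirror outside PyPI."""
import re
from urllib.parse import urlparse

# Assumed allow-list of hosts pip legitimately talks to; anything else is reviewed.
TRUSTED_HOSTS = {"pypi.org", "files.pythonhosted.org"}
URL_RE = re.compile(r"https?://[^\s'\"]+")


def find_untrusted_sources(text):
    """Return [(line_no, host, line)] for every non-comment line whose URL
    (--index-url, --extra-index-url, -f/--find-links, 'pkg @ url', or a
    pip.conf value) resolves to a host outside TRUSTED_HOSTS."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        for url in URL_RE.findall(line):
            host = (urlparse(url).hostname or "").lower()
            # Only exact matches are trusted, so a lookalike host (different
            # TLD, extra label in front of a real name) is still flagged.
            if host not in TRUSTED_HOSTS:
                findings.append((no, host, line))
    return findings


def is_clean(text):
    """True when no line redirects package resolution off the allow-list."""
    return not find_untrusted_sources(text)


# Constructed samples; none of these values come from the Checkmarx report.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
--extra-index-url https://mirror.example.internal/simple
colorama @ https://files.pythonhosted.org/packages/colorama-0.4.6-py2.py3-none-any.whl
pyyaml @ https://files.pythonhosted.example/packages/pyyaml-6.0.1.tar.gz  # lookalike host
"""
SAMPLE_PIP_CONF = """\
[global]
index-url = https://pypi.org/simple
"""

if __name__ == "__main__":
    for no, host, line in find_untrusted_sources(SAMPLE_REQUIREMENTS):
        print(f"requirements.txt:{no}: untrusted host {host}: {line}")
    print("pip.conf clean:", is_clean(SAMPLE_PIP_CONF))
```

Run it in CI against every requirements file and pip.conf in the repository so a newly introduced index URL or lookalike host fails the build for review rather than silently redirecting installs.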
[1] https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/