supply chain attacks (1)

11020228280?profile=RESIZE_400xBy monitoring an open-source ecosystem, the FortiGuard Labs team recently discovered over 60 zero-day attacks embedded in PyPI packages (Python Package Index) between early February and mid-March of 2023.  In this report[1], analysts cover all the packages found, grouping them into similar attacks or behaviors.

 

 

The packages in this set were found to be similar:

  • py-hydraurlstudy (version 2.37)
  • tptoolpywgui (version 10.56)
  • libgetrandram (version 7.78)
  • esqultraultrapong (version 7.37)
  • esqhacke