A recent security report highlights multiple cyber threats, including the discovery of six malicious npm packages linked to the Lazarus hacker group, which are designed to steal sensitive credentials and deploy malware. Additionally, a serious vulnerability in SolarWinds’ web help desk has been uncovered, allowing attackers to decrypt sensitive credentials. Affected: npm platform, SolarWinds, Colombian government, various organizations.
Key points:
- Lazarus hackers have uploaded six malicious npm packages aimed at stealing accounts and crypto information.
- The npm packages used typosquatting tactics to trick developers into downloading them.
- Reports indicate that these malicious packages have been downloaded 330 times.
- A vulnerability in SolarWinds’ web help desk allows attackers to decrypt sensitive passwords and access systems.
- Colombian government targeted by Blind Eagle hacker group using malicious URL files.
- A significant percentage of data breaches are attributed to human error.
- Ongoing scams misusing Elon Musk’s name to sell fake energy-saving devices via text messages.
MITRE Techniques:
- Initial Access (T1071): Use of malicious npm packages to gain access to developer environments.
- Credential Dumping (T1003): Malicious packages designed to collect browser-stored passwords and cryptocurrency wallet data.
- Exploitation of Remote Services (T1210): Abuse of cloud storage services to distribute malware.
- Command and Control (T1071): Communication between the compromised systems and attacker infrastructure via the malicious npm packages.
- Obfuscated Files or Information (T1027): Use of typosquatting and disguised package names to avoid detection.
Indicators of Compromise:
- [URL] http://binance-web3comru
- [URL] http://klclick2com
- [URL] http://shopifycoursesstore
- [Package] is-buffer-validator
- [Package] yoojae-validator
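A defender-side check for the typosquatting tactic described in the key points, added here as an example (it is not code from the report or the cited article): it audits a package.json for dependency names that match the two packages listed in the IoCs above, or that sit one or two edits, or a hyphenated affix, away from a small constructed list of popular package names (the popular-name list and the sample package.json are assumptions for illustration).

```python
import json

# The two package names reported as malicious on this page.
KNOWN_MALICIOUS = {"is-buffer-validator", "yoojae-validator"}

# Constructed list of popular npm names a typosquat might imitate (assumption, not from the page).
POPULAR = ("express", "is-buffer", "lodash", "react", "validator")


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspicious_names(deps):
    """Map each suspicious dependency name to the reasons it was flagged."""
    findings = {}
    for name in deps:
        reasons = []
        if name in KNOWN_MALICIOUS:
            reasons.append("known-malicious")
        for pop in POPULAR:
            if name == pop:
                continue  # the genuine package is not a typosquat of itself
            # Short names get a tighter threshold to limit false positives.
            threshold = 1 if len(pop) <= 5 else 2
            if edit_distance(name, pop) <= threshold:
                reasons.append(f"near-miss:{pop}")
            elif name.startswith(pop + "-") or name.endswith("-" + pop):
                reasons.append(f"affix:{pop}")  # e.g. is-buffer-validator rides on is-buffer
        if reasons:
            findings[name] = reasons
    return findings


def audit_package_json(text: str):
    """Collect dependencies and devDependencies from package.json text and audit them."""
    pkg = json.loads(text)
    deps = {}
    for section in ("dependencies", "devDependencies"):
        deps.update(pkg.get(section, {}))
    return suspicious_names(deps)


# Constructed sample manifest mixing the reported packages with a typo of lodash.
SAMPLE_PACKAGE_JSON = """{
  "dependencies": {"is-buffer-validator": "1.0.0", "lodsh": "^4.17.0", "express": "^4.18.0"},
  "devDependencies": {"yoojae-validator": "0.1.0"}
}"""

if __name__ == "__main__":
    for pkg_name, why in audit_package_json(SAMPLE_PACKAGE_JSON).items():
        print(f"{pkg_name}: {', '.join(why)}")
```

Near-miss and affix hits are leads for review, not proof of malice; the known-malicious match is the only deterministic signal here.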
Full Story: https://www.aqniu.com/homenews/108619.html