GitHub Warns Devs of North Korean Attacks

GitHub has warned of a new North Korean threat campaign aimed at compromising victims via malicious npm package dependencies.

In a blog post earlier this week, the development platform claimed the attacks targeted employees working in the blockchain, cryptocurrency, online gambling and cybersecurity sectors.

According to Alexis Wales, vice president of security operations at GitHub, attacks begin with attackers impersonating developers or recruiters using fake GitHub, LinkedIn, Slack, or Telegram profiles. In some cases, attackers can take over legitimate accounts.


The attacker then initiates contact with the target and attempts to move the conversation to another platform.

“After establishing contact with the target, the attackers invite the target to collaborate on a GitHub repository and persuade the target to clone and execute the content,” Wales explained.

“GitHub repositories can be public or private. GitHub repositories contain software with malicious npm dependencies. Software themes used by threat actors include media players and cryptocurrency trading tools.”

These malicious dependencies act as first-stage malware designed to download a second-stage threat to the victim’s machine, although it is unclear what exactly this is.

“Attackers often publish malicious packages only by prolonging invitations to rogue repositories, minimizing the exposure of new malicious packages to scrutiny,” Wales said.

“In some cases, attackers may bypass the repository invite/clone procedure and distribute malicious software directly on messaging and file-sharing platforms.”
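The campaign hinges on a cloned repository pulling in an npm dependency that executes at install time and on those packages being too new to have drawn scrutiny. The following pre-install triage script is an added example, not GitHub's tooling or anything from the original article: it reads a lockfile and registry-style metadata and flags dependencies that run lifecycle scripts, resolve outside the public registry, or were first published only days ago. The lockfile, package names, timestamps and registry responses are all constructed sample data; the `triage` function and its thresholds are assumptions of this example.

```python
"""Pre-install triage for a freshly cloned repository's npm dependencies.

Added example (not GitHub's code). It flags the patterns the advisory describes:
dependencies that run lifecycle scripts at install time (a first-stage loader),
that resolve outside the public registry, or that were published so recently
that nobody has had a chance to look at them.
"""
import json
from datetime import datetime, timedelta, timezone

REGISTRY_PREFIX = "https://registry.npmjs.org/"
# Hooks npm runs automatically during `npm install` (real npm hook names).
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# Assumed threshold: anything younger than this gets a second look.
NEW_PACKAGE_WINDOW = timedelta(days=30)

# Constructed package-lock.json fragment (lockfileVersion 3 layout).
# Package names and URLs are made up for this example.
SAMPLE_LOCK = json.loads("""{
  "name": "media-player-demo",
  "lockfileVersion": 3,
  "packages": {
    "": {"dependencies": {"left-pad-ok": "^1.0.0",
                          "player-core-helper": "^0.1.2",
                          "theme-assets": "git+https://example.invalid/themes.git"}},
    "node_modules/left-pad-ok": {"version": "1.3.0",
      "resolved": "https://registry.npmjs.org/left-pad-ok/-/left-pad-ok-1.3.0.tgz"},
    "node_modules/player-core-helper": {"version": "0.1.2",
      "resolved": "https://registry.npmjs.org/player-core-helper/-/player-core-helper-0.1.2.tgz"},
    "node_modules/theme-assets": {"version": "0.0.1",
      "resolved": "git+https://example.invalid/themes.git#abc123"}
  }
}""")

# Constructed stand-in for the registry's per-package metadata document
# (only the "time" and "versions[...].scripts" fields are used here).
SAMPLE_REGISTRY = {
    "left-pad-ok": {
        "time": {"created": "2019-04-02T00:00:00.000Z"},
        "versions": {"1.3.0": {"scripts": {"test": "node test.js"}}},
    },
    "player-core-helper": {
        "time": {"created": "2023-07-10T00:00:00.000Z"},
        "versions": {"0.1.2": {"scripts": {"postinstall": "node setup.js"}}},
    },
}

# Fixed "current time" so the sample is reproducible offline (constructed).
SAMPLE_NOW = datetime(2023, 7, 20, tzinfo=timezone.utc)


def lock_dependencies(lock):
    """Yield (name, version, resolved) for each installed package in the lockfile."""
    for path, entry in lock["packages"].items():
        if not path.startswith("node_modules/"):
            continue  # the "" entry is the root project itself
        name = path.rsplit("node_modules/", 1)[1]
        yield name, entry.get("version"), entry.get("resolved", "")


def parse_iso(ts):
    """Parse the registry's ISO-8601 'Z' timestamps into aware datetimes."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def triage(lock, registry, now):
    """Return {package_name: [finding, ...]} for dependencies worth reviewing."""
    findings = {}
    for name, version, resolved in lock_dependencies(lock):
        issues = []
        if not resolved.startswith(REGISTRY_PREFIX):
            issues.append(f"resolved outside the public registry: {resolved}")
        meta = registry.get(name)
        if meta is None:
            issues.append("no registry metadata available")
        else:
            age = now - parse_iso(meta["time"]["created"])
            if age < NEW_PACKAGE_WINDOW:
                issues.append(f"package first published only {age.days} days ago")
            scripts = meta["versions"].get(version, {}).get("scripts", {})
            for hook in LIFECYCLE_HOOKS:
                if hook in scripts:
                    issues.append(f"runs {hook} at install time: {scripts[hook]!r}")
        if issues:
            findings[name] = issues
    return findings


def run_sample():
    """Run the triage over the constructed sample data."""
    return triage(SAMPLE_LOCK, SAMPLE_REGISTRY, SAMPLE_NOW)


if __name__ == "__main__":
    for pkg, issues in run_sample().items():
        print(pkg)
        for issue in issues:
            print("  -", issue)
```

Run it against a clone before installing anything; for a real lockfile the `registry` argument would be filled from the registry's metadata endpoint rather than the inline sample. While reviewing, `npm install --ignore-scripts` keeps lifecycle hooks from executing, which is exactly the point at which the first-stage loader in this campaign would otherwise run.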

GitHub claimed with “high confidence” that the attackers belonged to a North Korean group known as “Jade Sleet” by Microsoft Threat Intelligence and “TraderTraitor” by the US Cybersecurity and Infrastructure Security Agency (CISA).

In related news, according to SentinelOne, an attack on SSO vendor JumpCloud at the end of June was also attributed to North Korea.

Image credit: Piotr Swat / Shutterstock.com

