logo
welcome
About us
Newsletter
News Widget
Media Inquiries

Summary

Supply-chain attack targets researchers

This is a news story, published by Ars Technica, that relates primarily to GitHub news.

software applications news

For more software applications news, you can click here:

more software applications news

Ars Technica news

For more news from Ars Technica, you can click here:

more news from Ars Technica

About the Otherweb

Otherweb, Inc is a public benefit corporation, dedicated to improving the quality of news people consume. We are non-partisan, junk-free, and ad-free. We use artificial intelligence (AI) to remove junk from your news feed, and allow you to select the best tech news, business news, entertainment news, and much more. If you like software applications news, you might also like this article about

fellow malicious threat actors

. We are dedicated to bringing you the highest-quality news, junk-free and ad-free, about your favorite topics. Please come every day to read the latest mysterious unattributed threat news, Datadog Security Labs news, software applications news, and other high-quality news about any topic that interests you. We are working hard to create the best news aggregator on the web, and to put you in control of your news feed - whether you choose to read the latest news through our website, our news app, or our daily newsletter - all free!

malware
Ars Technica

Ars Technica

Yearlong supply-chain attack targeting security pros steals 390K credentials

Ars Technica
Summary
Nutrition label

75% Informative

A sophisticated supply-chain attack has been operating for the past year , researchers say.

The campaign uses Trojanized versions of open source software from GitHub and NPM .

It's unclear who the threat actors are or what their motives may be.

An online account on Dropbox contained 390,000 credentials for WordPress websites taken by the attackers.

VR Score

70

Informative language

66

Neutral language

45

Article tone

informal

Language

English

Language complexity

67

Offensive language

possibly offensive

Hate speech

not hateful

Attention-grabbing headline

not detected

Known propaganda techniques

not detected

Time-value

medium-lived

External references

4

https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/https://checkmarx.com/blog/dozens-of-machines-infected-year-long-npm-supply-chain-attack-combines-crypto-mining-and-data-theft/https://en.wikipedia.org/wiki/XML-RPChttps://nodejs.org/

Source diversity

4

securitylabs.datadoghq.comcheckmarx.comen.wikipedia.orgnodejs.org

Affiliate links

no affiliate links

Read full article