Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Hackers have compromised several popular open source projects relied on by software developers around the world in an ongoing cyberattack.
On Tuesday, cybersecurity companies StepSecurity and SafeDep Microsoft has warned of the latest wave of so-called “supply chain” attacks, which aim to compromise developers of popular open source projects and use that access to plant malicious updates that are pushed to users.
According to SafeDep, hackers took over a developer’s account and released more than 630 malicious versions via 317 packages in about 20 minutes. The goal of the attack is to steal credentials for various services, including password managers, as a way to steal data and further spread malware.
Among the packages hacked by the hackers is the Antv library created by Alibaba. In some cases, hackers posted malicious updates on GitHub, According to JFrog Security.
This latest wave of attacks is part of a broader campaign targeting open source projects and developers who use the code for their own projects. Researchers dubbed the hacks “Mini Shai-Hulud,” after the attack followed a previous, more extensive hacking campaign.
Last week, in another wave of attacks as part of the Mini Tea Khulud attacks, Hackers have compromised the computers of two OpenAI employees After hacking the open source TanStack library. OpenAI was just one of many casualties.
