Checkmarx Reveals Threat Actor ‘Fully Automating’ NPM Supply Chain Attacks

Checkmarx’s threat hunters raised an alert on Monday after uncovering a threat actor who was totally automating the generation and delivery of “hundreds of malicious packages” into the NPM ecosystem.

The Checkmarx alert follows Snyk’s finding of deliberate sabotage of NPM package managers, raising additional concerns about the threat landscape in the software supply chain. A threat actor known as RED-LILI has “completely automated” the process of creating NPM accounts to launch difficult-to-detect dependency confusion attacks, according to a Checkmarx report.

In its documentation of the attacks, the company published the full list of malicious packages, and Checkmarx researcher Harush warns that the emergence of a resourceful attacker who can fully automate – and hide – hostile NPM packages is a dangerous indicator.

