Google, CrowdStrike and Shadowserver take down Glassworm botnet targeting developers
Google, CrowdStrike, and Shadowserver just took down the Glassworm botnet, a hacking network that spent two years going after software developers.
The group broke into more than 300 GitHub repositories by stealing credentials, publishing malicious extensions on a marketplace used by developers, and using fake ads to spread malware.
Their attacks slipped harmful code into open-source projects used by organizations and users.
Glassworm command and control channels disrupted
Glassworm's main trick was targeting developers, the folks who build the apps we all use.
By hacking just one developer, they could mess up entire software supply chains.
The takedown disrupted four command-and-control channels that relied on the Solana blockchain, BitTorrent, Google Calendar, and virtual private servers, which stopped Glassworm's operations cold.
As CrowdStrike's statement put it, "Adversaries are no longer just targeting products, they're targeting the developers who build them." Staying alert online is more important than ever for anyone building or using tech tools.