The Cyber Express reported that over 20 CrowdStrike NPM packages were among nearly 200 NPM packages targeted in a sophisticated supply chain attack. This incident has raised concerns about the security of JavaScript packages used outside of browsers.The attack involved a self-propagating worm that automatically infected downstream packages, leading to a cascading compromise across the ecosystem. The malware, named "Shai-Hulud," not only infected CrowdStrike packages but also impacted popular packages like Tinycolor. It executed various functions such as downloading a secret scanner, searching for credentials, creating unauthorized GitHub workflows, and exfiltrating data to a specific URL.The attack on CrowdStrike packages underscores the need for enhanced security measures in the software supply chain. Recommendations from Cyble include conducting audits, implementing automated dependency scanning, and deploying monitoring solutions to detect unauthorized activities. The incident emphasizes the importance of establishing package integrity verification processes and implementing robust security measures like code signing to prevent future supply chain attacks.A CrowdStrike spokesperson released the following statement: "After detecting several malicious Node Package Manager (NPM) packages in the public NPM registry, a third-party open source repository, we swiftly removed them and proactively rotated our keys in public registries. These packages are not used in the Falcon sensor and the platform is not impacted. We identified the single source and isolated it quickly, customers remain protected and do not need to take any actions."
Source: The Cyber Express
Source: The Cyber Express




