Malware, Threat Intelligence, Supply chain

NPM supply chain attack hits CrowdStrike packages

(Credit: Araki Illustrations – stock.adobe.com)

The Cyber Express reported that over 20 CrowdStrike NPM packages were among nearly 200 NPM packages targeted in a sophisticated supply chain attack. This incident has raised concerns about the security of JavaScript packages used outside of browsers.

The attack involved a self-propagating worm that automatically infected downstream packages, leading to a cascading compromise across the ecosystem. The malware, named "Shai-Hulud," not only infected CrowdStrike packages but also impacted popular packages like Tinycolor. It executed various functions such as downloading a secret scanner, searching for credentials, creating unauthorized GitHub workflows, and exfiltrating data to a specific URL.

The attack on CrowdStrike packages underscores the need for enhanced security measures in the software supply chain. Recommendations from Cyble include conducting audits, implementing automated dependency scanning, and deploying monitoring solutions to detect unauthorized activities. The incident emphasizes the importance of establishing package integrity verification processes and implementing robust security measures like code signing to prevent future supply chain attacks.

A CrowdStrike spokesperson released the following statement: "After detecting several malicious Node Package Manager (NPM) packages in the public NPM registry, a third-party open source repository, we swiftly removed them and proactively rotated our keys in public registries. These packages are not used in the Falcon sensor and the platform is not impacted. We identified the single source and isolated it quickly, customers remain protected and do not need to take any actions."

Source: The Cyber Express

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds