CrowdStrike and Google dismantle Glassworm botnet targeting developers

Original: CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks

Why This Matters

Supply chain attacks targeting developers pose an escalating threat to the security of the software ecosystem.

CrowdStrike, Google, and Shadowserver took down the Glassworm botnet that targeted open-source developers for two years. Hackers compromised over 300 GitHub repositories through malicious extensions, malvertising, and stolen credentials to execute supply chain attacks.

CrowdStrike collaborated with Google and the nonprofit Shadowserver to dismantle the Glassworm botnet, which targeted open-source software developers for supply chain attacks over two years. The hackers employed multiple strategies, including publishing malicious marketplace extensions, malvertising through sponsored search results, and using stolen credentials to hijack developer accounts. They successfully compromised over 300 GitHub code repositories. The operation disrupted four command-and-control channels that relied on the Solana blockchain, the BitTorrent network, Google Calendar, and virtual private servers. CrowdStrike emphasized that developers represent uniquely high-value targets, since compromising a single developer workstation can cascade into supply-chain compromises affecting thousands of downstream organizations.

Source

techcrunch.com