AS1 - PyTorch Dependency Confusion
PyTorch is a machine learning framework based on the Torch library. In December 2022, it was revealed that several builds were infected by malware designed to steal environment variables and files. The attack was facilitated by dependency confusion of the package "torchtriton", which PyTorch was consuming.
Techniques:
Initial Access
T0113 - Dependency Confusion
Torchtriton is a package that the PyTorch project consumes. In December 2022, the package was altered to exfiltrate sensitive information. Later, the person who performed this attack confessed anonymously that it was done for research purposes and all the collected data was deleted.
T0113 page
Credential Access
T0140 - Harvest Tokens From Environment Variables
The malicious code within the Torchtriton package extracted and exfiltrated environment variables and files from the home directory of users who installed this package.
T0140 page