AS1 - PyTorch Dependency Confusion

PyTorch is a machine learning framework based on the Torch library. In December 2022, it was revealed that several builds were infected by malware designed to steal environment variables and files. The attack was facilitated by dependency confusion of the package "torchtriton", which PyTorch was consuming.

Techniques:

Initial Access

T0113 - Dependency Confusion

Torchtriton is a package that the PyTorch project consumes. In December 2022, the package was altered to exfiltrate sensitive information. Later, the person who performed the attack confessed anonymously that it was done for research purposes and that all the collected data was deleted.
T0113 page
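
An added example, not part of the original page or of PyTorch's own code: a defensive audit of a requirements file for the condition dependency confusion relies on, namely a second package index (pip's `--extra-index-url`) combined with requirements that are not hash-locked. The function name, the sample file, the index URL and the all-zero hash are constructed for illustration.

```python
import re

# pip treats every configured index as equal and installs the best matching
# version from any of them, so a name on a private index can be shadowed.
EXTRA_INDEX = re.compile(r"^\s*--extra-index-url[=\s]+(\S+)")
NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

# Constructed sample input (hypothetical project, placeholder hash).
SAMPLE = """\
# constructed sample, not taken from any real project
--extra-index-url https://pkgs.example.internal/simple
internal-lib>=2.0
requests==2.31.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
numpy==1.26.4
"""


def audit_requirements(text):
    """Return (extra_indexes, findings) for the body of a requirements file."""
    # Join backslash continuations so --hash options stay with their requirement.
    text = re.sub(r"\\\r?\n", " ", text)
    extra_indexes, reqs = [], []
    for raw in text.splitlines():
        line = raw.split(" #")[0].strip()  # drop inline comments
        if not line or line.startswith("#"):
            continue
        m = EXTRA_INDEX.match(line)
        if m:
            extra_indexes.append(m.group(1))
            continue
        name = NAME.match(line)
        if line.startswith("-") or not name:
            continue  # other options and path requirements are out of scope
        reqs.append((name.group(1).lower(), "==" in line, "--hash=" in line))
    findings = []
    if extra_indexes:  # only exposed when more than one index can answer
        for name, pinned, hashed in reqs:
            if not hashed:
                reason = "pinned but no --hash" if pinned else "unpinned, no --hash"
                findings.append((name, reason))
    return extra_indexes, findings


if __name__ == "__main__":
    indexes, findings = audit_requirements(SAMPLE)
    print("extra indexes:", indexes)
    for name, reason in findings:
        print(f"REVIEW {name}: {reason}")
```

A version pin alone is reported because the same version number can exist on both indexes; only a hash ties the install to one specific file.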

Credential Access

T0140 - Harvest Tokens From Environment Variables

The malicious code within the Torchtriton package extracted and exfiltrated environment variables and files from the home directory of users who installed this package.
T0140 page
