Campaigns page

Webmin 1.900 RCE

Webmin, a widely used server administration tool, suffered a security incident in which attackers introduced a backdoor into version 1.890. The backdoor allowed anyone who knew of it to execute commands with root privileges. Subsequent versions, 1.900 to 1.920, also contained a similar backdoor in the code, but it was not exploitable in a default Webmin installation: an attacker could use it only if an administrator had specifically enabled the "changing of expired passwords" feature in the Webmin Configuration ⇾ Authentication section. These vulnerabilities were not accidental flaws; the Webmin source code was deliberately modified to include a concealed vulnerability.

Spoofed Dependabot

A large-scale attack targeted hundreds of GitHub repositories, involving malicious code commits designed to mimic "Dependabot," a standard GitHub tool. The attackers attempted to go unnoticed by impersonating this trusted tool.

JuiceStealer - PyPI Supply Chain Attack

The threat actor known as "JuiceLedger" orchestrated a large-scale attack on PyPI, the official Python package repository. This attack was multifaceted, targeting package maintainers by attempting to compromise their PyPI accounts. Additionally, the attacker engaged in typosquatting, uploading malicious packages to the repository.

PyTorch Dependency Confusion

PyTorch is a machine learning framework based on the Torch library. In December 2022, it was revealed that several builds were infected by malware designed to steal environment variables and files. The attack was facilitated by dependency confusion on the package "torchtriton", which PyTorch was consuming.

3CX Desktop

3CX is a VoIP software company with more than 600000 customers. In April 2023, the company was subject to an attack that infected its 3CX desktop software with malware. It is suspected to be a nation-state attack carried out by North Korea. The attack was facilitated by attacking the supply chain of a trading software company, Trading Technologies.

Codecov Breach

Codecov is a popular code coverage utility that is used as a step in the CI/CD of many companies.

PHP Zerodium Backdoor

In March 2023 it was discovered that a bad actor had succeeded in infecting the official PHP code with a backdoor. PHP is one of the most common technologies for web applications; a successful attack would have meant taking over millions of servers.

CCleaner

CCleaner is a popular system cleanup software.

SolarWinds

The SolarWinds incident, one of the most significant cyberattacks in recent history, began when hackers gained unauthorized access to the internal network of SolarWinds, a prominent IT management software provider. In 2019, they injected malicious code into SolarWinds' widely used Orion software, which was unknowingly distributed to around 18,000 customers in a software update released in March 2020. Exploiting this compromise, the hackers conducted targeted cyber-espionage campaigns against various organizations. The breach, attributed to a state-sponsored hacking group believed to be linked to the Russian government, allowed the attackers to gain unauthorized access to systems. In response, directives were issued advising affected organizations to disconnect or power down SolarWinds Orion products. The breach also affected Microsoft, which revealed that the attackers had accessed some of their source code repositories. Investigations, forensic analyses, and mitigation efforts were undertaken to assess the breach's extent, remove the malicious code, and bolster security measures. The incident exposed the attackers' sophistication and highlighted the vulnerability of trusted software supply chains, underscoring the importance of robust cybersecurity measures.