VMTech · Instagram

Neutralizing GlassWorm: Developer‑Targeting Attack Infrastructure Disrupted

Colleagues: CrowdStrike, together with Google and Shadowserver, has taken down all GlassWorm C2 infrastructure. The campaign, active in 2025, targeted developers via trojanized VS Code extensions and compromised npm/Python packages.

Key points:
- Four resilient C2 channels: Solana (memo), BitTorrent DHT, Google Calendar, and VPS.
- Credential and wallet theft; deployment of GlassWormRAT and a malicious Chrome extension.
- Infected hosts used as proxies, for HVNC, and as remote-execution nodes; more than 300 repositories compromised.

Why it matters: software supply‑chain attacks endanger many organizations — securing developer environments and CI/CD pipelines is essential.

What will you change in defending developer environments?

#cybersecurity #supplychain #DevSecOps
