Cybersecurity professionals have uncovered a sophisticated supply chain attack involving GitHub, npm, and jsDelivr code repositories. The attacker cleverly embedded malware within the rarely used ‘end’ function of jQuery, which is internally invoked by the more popular ‘fadeTo’ function. Over 68 packages are associated with this ongoing campaign, suggesting manual assembly and publication by threat actors.
Phylum confirmed this in a statement saying, “The attacker has cleverly hidden the malware in the seldom-used ‘end’ function of jQuery, which is internally called by the more popular ‘fadeTo’ function from its animation utilities.”
Jenkins Script Console Exploited for Cryptocurrency Mining
Reports highlight the risk of hackers exploiting Jenkins Script Console instances for cryptocurrency mining. Misconfigurations, such as improperly set authentication mechanisms, expose the ‘/script’ endpoint, enabling remote code execution (RCE). Threat actors leverage the Jenkins Groovy plugin misconfiguration to execute Base64-encoded malicious scripts, mining cryptocurrency on compromised servers. A statement by Shubham Singh and Sunil Bharti confirmed the situation.
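The misconfiguration described above lives in the controller's authorization settings. As an added example (not from the article or from Jenkins itself), this script audits a Jenkins `config.xml` for the settings that open the Script Console to anonymous users; the element names follow the real Jenkins layout, while both sample configurations are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a Jenkins controller config.xml showing the kind of
# misconfiguration the article describes: anonymous holds Administer, so any
# visitor can reach the /script console. Element names follow the real Jenkins
# config.xml layout; the values are made up for this example.
INSECURE_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:anonymous</permission>
    <permission>hudson.model.Hudson.Read:authenticated</permission>
  </authorizationStrategy>
</hudson>"""

# Same controller after the fix: Administer restricted to a named admin group.
HARDENED_CONFIG = INSECURE_CONFIG.replace("Administer:anonymous", "Administer:ci-admins")

# Permissions that grant Script Console access: Administer, plus the legacy
# RunScripts permission still present on older controllers.
SCRIPT_PERMS = {"hudson.model.Hudson.Administer", "hudson.model.Hudson.RunScripts"}


def audit_jenkins_config(xml_text: str) -> list[str]:
    """Return findings for settings that expose /script to unauthenticated users."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.findtext("useSecurity", default="false").strip().lower() != "true":
        findings.append("useSecurity is false: security is disabled, everyone is admin")
    strategy = root.find("authorizationStrategy")
    cls = strategy.get("class", "") if strategy is not None else ""
    if strategy is None or cls.endswith("AuthorizationStrategy$Unsecured"):
        findings.append("authorization strategy is Unsecured: anonymous has full control")
    else:
        # Matrix entries look like "Permission:sid" (newer plugin versions prefix
        # "USER:" or "GROUP:"), so read the last two colon-separated fields.
        for perm in strategy.iter("permission"):
            parts = (perm.text or "").strip().split(":")
            if len(parts) >= 2 and parts[-2] in SCRIPT_PERMS and parts[-1] == "anonymous":
                findings.append(f"{parts[-2]} is granted to anonymous")
    return findings


if __name__ == "__main__":
    for name, cfg in (("insecure", INSECURE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_jenkins_config(cfg) or ["no findings"])
```

Run it against `$JENKINS_HOME/config.xml` on each controller; any finding means the `/script` endpoint is reachable without credentials and should be fixed before anything else.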
GuardZoo Surveillance Targets Middle Eastern Military Personnel
An ongoing surveillanceware operation delivers GuardZoo, an Android data-gathering tool primarily targeting military personnel in Middle Eastern countries. Over 450 victims from Egypt, Oman, Qatar, Saudi Arabia, Turkey, the U.A.E., and Yemen have been affected. Some reports also link this campaign to a Houthi-aligned threat actor.
APT40’s Rapid Exploit Adaptation Raises Concerns
Security agencies from various countries warn of APT40’s agility in co-opting exploits for recently discovered flaws. APT40 can transform and adapt vulnerability proofs-of-concept (PoCs) within hours or days of release. Regular reconnaissance against networks allows the group to identify vulnerable devices and deploy exploits effectively.
The agencies stressed APT40's ability to quickly transform and adapt vulnerability proofs-of-concept (PoCs) for reconnaissance, targeting and exploitation operations.
“APT40 has previously targeted organizations in various countries, including Australia and the United States. Notably, APT40 possesses the ability to quickly transform and adapt vulnerability proofs-of-concept (PoCs) for targeting, reconnaissance, and exploitation operations.”
Akira Ransomware Hits Heidmar, a Maritime Services Company
The Akira ransomware group targeted Heidmar, a company specializing in pool management, commercial management, ship chartering, claims settlement, bunker services, risk management, and FFA trading. With over 50 employees and a revenue of $100 million, Heidmar faced significant cybersecurity challenges.