Legitimate Red Hat npm accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing even more confidential data, researchers said.
The supply-chain attack began Monday and remained active at the time this post went live, according to researchers at security firm Aikido. It is the result of the threat actor responsible for the hack taking control of @redhat-cloud-services, a legitimate channel in the npm repository that is reserved for official Red Hat packages. As such, the channel is broadly trusted by developers who rely on Red Hat cloud services.
It is unclear precisely how the threat actor took control of the namespace, but it almost certainly involved the compromise of the credentials required to access it, possibly through a previous supply-chain attack. More than 30 packages appear to be affected.