Supply Chain | May 29, 2026

Typosquatted npm packages used to steal cloud and CI/CD secrets

Typosquatted npm packages steal cloud and CI/CD credentials in Mini Shai-Hulud campaign.

Summary

Microsoft Security researchers discovered the Mini Shai-Hulud campaign, which leveraged typosquatted npm packages to target and exfiltrate cloud and CI/CD credentials from developer environments. The campaign demonstrates a sophisticated supply chain attack vector exploiting the npm ecosystem. The report provides technical analysis, detection methods, and mitigation strategies to help organizations defend against similar credential theft operations.

Full text

May 28 | 24 min read

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by affiliates of Storm-2697 that combines per-file ephemeral key encryption with an aggressive self-propagation module to deploy itself across an entire network using a series of simultaneous lateral movement techniques per target.

Entities

Mini Shai-Hulud (campaign), npm (technology), CI/CD (technology), Microsoft (vendor)