Users of Telegram, AWS, and Alibaba Cloud Targeted in Latest Supply Chain Attack
A new supply chain attack has been discovered by cybersecurity firm Checkmarx. The attack, which targeted platforms such as Telegram, Alibaba Cloud, and AWS, involved injecting malicious code into open-source projects to compromise systems and steal sensitive data. The attackers used techniques such as Starjacking and Typosquatting to trick developers into downloading their malicious packages. The campaign was active in September 2023 and was attributed to a threat actor known as kohlersbtuh15. The attack highlights the ongoing threat of supply chain attacks and the need to secure third-party services and software.