Supply Chain Attack Uses Smart Contracts for C2 Ops

Security researchers claim to have discovered the first-ever open source supply chain attack combining blockchain technology with traditional attack vectors.

“The attacker used a classic typosquatting technique by misspelling ‘fetch’ as ‘fet’ while maintaining the key terms ‘jest’ and ‘mock,’” it wrote.

“Given that the legitimate packages are primarily used in development environments where developers typically have elevated system privileges, and are often integrated into CI/CD pipelines, we believe this attack specifically targets development infrastructure through the compromise of testing environments.”

See more: https://www.infosecurity-magazine.com/news/supply-chain-attack-smart/

#cybersecurity #smartcontract #supplychainattack