Explore the evolving tactics of nation-state actors targeting open-source software developers in this conference talk from BSides SATX. Delve into two recent npm campaigns attributed to North Korea's Lazarus Group, gaining insights into their motivations and methods. Learn how software developers can better defend against these sophisticated threats in the open-source ecosystem. Discover the details of malicious packages published on npm, their impact on job-seeking developers, and the cryptocurrency theft motives behind these campaigns. Gain valuable awareness of the current landscape of nation-state cyber threats in the software supply chain, with a focus on recent activities observed from June 2023 to February 2024. No prior knowledge of malware or malicious code is required for this 25-minute presentation suitable for all audiences.
Overview
Syllabus
2024-06-08, 12:00–, Track 3 Moody Rm 102
Taught by
BSides SATX
Related Courses
-
Nation-State Threats in the Open-Source Software Supply Chain
-
Navigating the Shadows: The Crucial Intersection of KYC, AML, and Cyber Threat Intelligence
-
Dissecting an Iranian Nation State Interactive Intrusion - Watching Kittens at Play
-
Analysis of North Korean Nation-State Attacks Using MagicRAT Malware
-
Hacking the Software Supply Chain - Targeting Developers in 2023
-
Supply Chain Attacks - Focusing on NPM Vulnerabilities and Defenses
