Explore the evolving landscape of nation-state threats in the open-source software supply chain through this informative conference talk. Delve into the activities of North Korea's Lazarus Group, a prominent cyber threat actor operating under the Korean People's Army since 2009. Learn about their recent campaigns targeting software developers through malicious packages in the npm ecosystem. Discover how these attacks, first identified by the Phylum Research Team in June 2023 and later confirmed by GitHub, Microsoft Threat Intelligence, and CISA, have evolved over time. Gain insights into the group's tactics, including their use of remote payloads and social engineering techniques to steal cryptocurrency from job-seeking developers. Understand the significance of these threats and their potential impact on the open-source community, as well as the importance of vigilance in maintaining software supply chain security.
Nation-State Threats in the Open-Source Software Supply Chain
Overview
Syllabus
Nation-State Threats in the Open-Source Software Supply Chain - Ross Bryant, Phylum
Taught by
OpenSSF
Related Courses
-
Nation-State Threats in the Open-Source Software Supply Chain
-
Trusting Your Open-Source Software Supplier
-
Open Source Software Supply Chain Security - Understanding Threats and Best Practices
-
Five and a Half Actions to Mitigate Software Supply Chain Threats
-
Securing the Software Supply Chain: From Threats to Best Practices
-
Open Source Supply Chain Security for Enterprises
