Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Summary
Security firm Checkmarx has faced multiple cyberattacks in recent weeks, including supply-chain attacks that pushed malware to users and a ransomware attack that leaked private data. Another security company, Bitwarden, was also affected by the same supply-chain attack linked to a hacker group called TeamPCP.
Key Facts
- On March 19, attackers breached the Trivy vulnerability scanner’s GitHub account and pushed malware to users, including Checkmarx.
- The malware searched infected computers for sensitive access credentials like tokens and SSH keys.
- On March 23 and again on April 22, Checkmarx’s GitHub account was compromised and used to push malware to its users.
- On March 30, the ransomware group Lapsus$ leaked private Checkmarx data on the dark web.
- Evidence shows the attackers maintained access to Checkmarx’s GitHub account even after the company discovered the breach.
- Bitwarden was also attacked in the same supply-chain incident, which used the same malicious infrastructure as the Checkmarx attack.
- TeamPCP, a hacker group that steals and sells access credentials, carried out the initial Trivy attack.
- Security tools are targeted because they have trusted access to many users and sensitive data, making them valuable to hackers.
This is a fact-based summary from The Actual News.