1 comment

[ 7.4 ms ] story [ 92.1 ms ] thread
Hudson Rock revealed that the Megalodon supply chain attack originated from information sealer infections that enabled the theft of GitHub credentials, allowing the threat actor behind the campaign to push the malicious payload.

Specifically, more than 33% of the unique usernames associated with the affected repositories -- i.e., 331 out of 978 -- have been found to be "direct matches to computers infected by infostealers," the company said. Even in scenarios where there didn't exist an exact overlap based solely on usernames, the email addresses tied to the GitHub accounts have unearthed additional stealer compromises.

"This leads us to a definitive conclusion: The affected accounts enabling the Megalodon supply chain attack are exclusively sourced from infostealer data," Hudson Rock said. "The Megalodon campaign is a stark reminder that if developers and employees are infected with infostealers, platforms like GitHub become the launchpad for devastating cascading events."