
In this episode of Cybersecurity Today, host David Shipley discusses several pressing cybersecurity issues. First, popular NPM Linter packages were hijacked via phishing to spread malware, affecting millions of downloads. Concurrently, Ukrainian...
David Shipley
Popular NPM linter packages hijacked via phishing to drop malware. Ukrainian CERT discovers Lamehug malware linked to APT28 and using large language models for phishing campaign. Microsoft says it has stopped using China-based engineers to support Defense Department computer systems, and ex-IDF cyber chief explains why social engineering worries him more than 0-days. This is Cybersecurity Today, and I'm your host, David Shipley.
Before we get started, I just wanted to say thank you. Last week Jim shared that Cybersecurity Today made the top 10 news podcasts in Canada, according to the Feedspot list of Canadian news podcasts. We're also counting down to our 10 millionth download, which likely happened over the weekend. Wow. I am so grateful to be a part of this show and of so many of your routines for the last few years, starting on the week and month review panels and now as your Monday morning host. It's an honor and a privilege. Some of you may know that before I founded Beauceron Security, I was a newspaper reporter, and being able to be a journalist again on the side is so fulfilling. So thank you for listening, and thank you, Jim, for inviting me on the ride. Thank you. Now let's get to the news, and boy do we have a lot to talk about.
One click. Millions at risk again. Another week, another open source supply chain mess, this time with eslint-config-prettier, a JavaScript package downloaded over 30 million times a week. Yes, million with an M. So what happened? The maintainer got phished. A slick email spoofing support@npmjs.com lured them into giving up credentials. And that's all it took. Suddenly, the attacker was inside the developer's NPM account, publishing malicious versions of eslint-config-prettier and eslint-plugin-prettier. Just like that, the trusted became toxic. These poison packages contained a post-install script, install.js, that looked like it was checking for disk space. But surprise, it was actually running a DLL via rundll32 on Windows systems.
That DLL unknown Trojan weekend it's still flying under the radar of most antivirus tools. Only about 19 of 72 engines on VirusTotal detect it, and developers noticed something was off. The GitHub repo hadn't changed, but the NPM registry showed new versions: eslint-config-prettier 8.10.19, 1.1 10 and eslint-plugin-prettier 4.22 and 4.23. No change logs, no commits. Just malware sneaking in under the guise of business as usual.
Now, to his credit, the maintainer, John Quinn, came clean quickly. This is awesome. It's not about blame, it's not about shame. It's about quickly telling people something bad happened. And that's exactly what he did. Thank you. Quote, I've deleted the NPM token and will publish a new version asap. Thanks all and sorry for my negligence. End quote. The important part: telling people.
This incident is part of a disturbing trend. In March, over 10 major npm libraries were compromised and turned into infostealers. Last month, 17 Gluestack packages were hijacked to deliver a remote access Trojan. And the common thread? Phishing and credential theft. This isn't just about bad code making its way into the supply chain. It's about people being targeted. Maintainers are overwhelmed volunteers for the most part, or they're small teams. And the open source ecosystem runs on trust and goodwill. And that trust can be shattered with one phishing email and one click.
Now, avoid the bad versions that we've talked about. Check your package-lock.json or yarn.lock for any signs of those versions. Audit your CI/CD pipelines and runtime environments for any suspicious activity, especially in Windows. Rotate any credentials or secrets that may have been touched by compromised builds, and assume any other packages from the affected maintainer may also be compromised. Review them. This is yet another warning bell about the fragility of our software supply chain. It's time we all got serious about maintainer security.
And that means helping them, not just blaming them. They need multi-factor authentication, tighter controls, and maybe some actual funding and support. Because let's face it, if a single phished developer can turn 30 million downloads into a malware dropper, we've all got bigger problems.
Now let's turn to another story about social engineering. Just when you thought the AI hype cycle couldn't get any weirder, now we've got large language models helping deliver malware. Ukraine's Computer Emergency Response Team, CERT-UA, is warning about a new phishing campaign tied to none other than APT28. APT28 is a Russian state-sponsored hacking group with a long rap sheet. The malware in question is a Python-based payload called Lamehug. And the twist? It taps into Qwen 2.5 Coder 32B Instruct, a large language model from Alibaba Cloud, to dynamically generate and execute commands based on plain English prompts. That's right, it's malware now with a chatbot sidekick.
On July 10, Ukrainian officials started seeing spoofed emails that looked like they came from government officials. Inside was a zip file loaded with three suspicious payloads. The files contained the Lamehug malware, which uses Hugging Face's API to talk to the LLM and generate commands like gathering system info, scanning user folders for .txt and .pdf files, and sending stolen data via SFTP or HTTP POST. It's not clear how successful this campaign was, but it's the methodology that grabs our attention. This is a new era for command and control, and it's one that was highlighted earlier this spring by researchers who talked about compromising large language model safeguards to do similar things. In this case it's about exfiltration of information. In previous examples it was about command and control for a self-propagating worm. Now, by blending into legitimate AI infrastructure like Hugging Face, attackers are doing what they've always done best. They're hiding in plain sight.
Just like they've abused Dropbox, Google Docs or GitHub before, now they're slipping past defenses under the cover of machine learning APIs. And this isn't just a one-off. Check Point recently uncovered another piece of malware called Skynet that tried to trick AI-based security tools using prompt injection, basically telling the AI to ignore its rules and pretend it's a calculator instead. Said it didn't work this time, but you can bet money these kinds of attacks are going to get better. Check Point had an interesting quote in their report. I want to give them credit for this quote. First we had the sandbox that led to hundreds of evasion techniques. Now we've got AI malware auditors. Naturally that means hundreds of AI audit evasion techniques are coming.
What does this mean for all of us? Let's connect some dots. State-sponsored groups are experimenting with large language models to create adaptive, stealthy malware. Open source AI models and public APIs are being hijacked for malicious use, and AI-based defenses are part of the attacker threat model. This is the beginning of the AI versus AI era in cybersecurity. Organizations need to ask tough questions about how AI tools are integrated into their environment, whether threat detection systems can spot the abuse of legitimate cloud services, and how much trust we're putting into automation that can be tricked with a cleverly crafted sentence. You don't need zero days when you can trick a chatbot into running or ignoring malicious code. And once again, all of this starts with a phish.
Now, when I first saw this next headline Saturday morning, while I can't share in a family-friendly program what exactly the first sentence that ran through my head was, I mean, it did start with "what the". But anyways, the next thought for the headline went something like this. Microsoft has confirmed it's no longer using engineers based in China to support US Department of Defense cloud system.
This comes following a bombshell investigation by ProPublica that exposed a deeply flawed setup. For years, Microsoft used US-based digital escorts, contractors with security clearances, to act as go-betweens. The real technical work came from Microsoft engineers in places like China, India and the EU, who told escorts what commands to run on the Pentagon's cloud infrastructure, sometimes with barely any oversight. And those digital escorts, well, they weren't always trained to thoroughly review what was being provided to them. They were often outgunned and underprepared, told to copy and paste instructions from foreign-based engineers directly into the US federal cloud with no clear way of verifying whether the commands were safe or malicious.
And this news comes as Salt Typhoon, the Chinese ace APT that ran through global telco networks, was revealed to have compromised the US military networks, particularly the National Guard. The DoD issued an alert to all military networks to assume breach and to start doing deep investigation work. Since 2011, the US government has required that people working with federal data have the right authorizations: U.S. citizens or permanent residents with background checks. Microsoft, chasing cloud contracts, built a workaround using US escorts to front for more technically skilled but foreign-based engineers. And China-based engineers, including some working from known adversary territory, were feeding commands into Department of Defense systems indirectly, but potentially with impact.
And the fallout came fast. Last week, Microsoft's Frank Shaw posted Friday that, quote, no China-based engineering teams, end quote, would be allowed to support DoD cloud services going forward. U.S. Defense Secretary Pete Hegseth responded bluntly on X, quote, foreign engineers from any country, including of course China, should, all caps, never be allowed to maintain or access DoD systems, end quote.
US Senator Tom Cotton called for an investigation, citing China as, quote, one of the most aggressive and dangerous threats to US critical infrastructure and supply chains. Now let's be clear. When a company entrusted with safeguarding national defense system takes a "just trust us" approach to foreign access, that's a failure of leadership, not just logistics. Microsoft's defense: digital escorts were trained and cleared. Engineers had no direct access to the data, and internal controls like Lockbox would flag bad requests. But here's the reality. If the digital escorts were just copying and pasting stuff from foreign engineers that they didn't understand, they were the equivalent of Kermit the Frog. Somebody else was doing the talking, I mean coding. If you're copying and pasting commands from a nation state adversary, you've already lost the plot.
There is a dangerous myth in cybersecurity that only advanced zero day exploits are what we should fear. And the truth is it's people, not payloads, that are the real targets. Two groups prove it. Scattered Spider, the financially motivated crew of mostly young native English speakers, and Iranian state-backed threat actors who've made a habit of punching far above their technical weight. And what do they have in common? They're masters of social engineering, and in today's threat landscape that's worth more than a dozen 0-days.
Take Iran's 2020 attack on Israeli insurer Shirbit. They didn't use cutting edge tools or NSA-grade exploits. They tricked their way in, stole highly sensitive data, including info tied to Israel's Defense Ministry, and then blasted out online for maximum psychological impact. That was their win condition. Not just the breach, but the humiliation of one of the world's most elite militaries and certainly one of the most sophisticated countries when it comes to cyber defense. They wanted fear, chaos. It wasn't about breaking systems, it was about breaking confidence.
And now, thanks to generative AI, the kind of social engineering used by Iran, by Scattered Spider and others is cheaper and more scalable than ever. Ariel Parnes, former Unit 8200 officer, Israel's elite cyber unit, said this to The Register. Quote, this is what worries me more than zero days. He's not wrong. Now, AI isn't the enemy, but it is giving attackers a serious upgrade. Today's attackers can use LLMs to generate personalized phishing campaigns. For the phishing campaigns, they can improve fake resumes, spoof LinkedIn accounts, convincing emails, entire websites. And they can do this work in seconds. Forget weeks of manual reconnaissance, just point an AI to a target's social media and out comes a dossier: friends and co-workers, hobbies and organizations, likely hooks that might lure them in, language, tone and even emojis that could be used. It's not theory. Google has seen Iranian hackers using Gemini for this exact purpose.
It's about understanding human behavior, exploiting trust and weaponizing communication. And right now, no one's doing it better than Scattered Spider. This is a crew that successfully breached major US and UK retailers, insurers and more, using their fluency in the English language, cultural awareness, a bit of research on their targets and well-practiced social engineering. And in some cases, they're teaming up. Iranian threat actors are already adding ransomware and influence ops to their toolkit, and they're collaborating with groups like ALPHV/BlackCat, buying stolen credentials from crews like Scattered Spider and expanding what they can do with limited technical resources. Neither Iran nor Scattered Spider have the most advanced cyber weapons, but maybe they don't need them. When you can get inside a network just by being convincing, you don't need to spend years developing exotic exploits. You need a bit of intel, some charm, and an AI that can write better emails than most people.
Some of this is about more than just stealing data. It's about psychological impact. Take the Iranian runs at various US water utilities and fuel systems. They haven't been that successful, but they've generated a lot of fear. And if they were successful, the psychological impact, not to mention the safety impact, would be huge. We need to make sure that we're building resiliency to social engineering through education done frequently enough to keep people aware that, yes, they could be a target. They can fall victim. And here's what they need to do when they fall victim: tell somebody about it. We need to teach employees not just how to spot phishing, but why they're being targeted. And we need to focus on identity, access and culture as much as firewalls and patch management. Let's stop obsessing over 0-days and start focusing on zero trust for human behavior, because that's where the fight is heading.
As always, stay skeptical and stay patched. If you like the show, tell others. Maybe give us a rating or leave a review on your favorite podcast platform. We'd love to grow our audience even more, and we need your help. I've been your host, David Shipley. Jim Love will be back on Wednesday. As always, thanks for listening.
Cybersecurity Today: NPM Linter Packages Hijacked, Microsoft's China Issue, and AI in Phishing Attacks
Hosted by David Shipley | Released on July 21, 2025
Incident Overview
David Shipley opens the episode by highlighting a significant breach in the open-source ecosystem. The widely used JavaScript packages, including eslint-config-prettier and eslint-plugin-prettier, were compromised through phishing, leading to the distribution of malware.
Key Details:
support@npmjs.com, resulting in credential theft.
post-install script (install.js) that appeared innocuous but executed a DLL via rundll32 on Windows systems.
Notable Quote:
"I've deleted the NPM token and will publish a new version asap. Thanks all and sorry for my negligence."
— John Quinn, Maintainer [Timestamp: 15:30]
Broader Implications: Shipley emphasizes that this incident is part of a troubling trend where open-source maintainers, often overwhelmed volunteers or small teams, become prime targets for phishing. The trust within the open-source community is fragile, easily shattered by a single malicious email.
Recommendations:
package-lock.json or yarn.lock files for suspicious versions.
Emerging Threats
Shipley delves into the alarming integration of large language models (LLMs) in crafting sophisticated phishing attacks. Citing the findings of Ukraine's CERT-UA, he discusses how APT28, a notorious Russian state-sponsored hacking group, employs AI to enhance its malware campaigns.
Key Details:
Notable Quote:
"First we had the sandbox that led to hundreds of evasion techniques. Now we've got AI malware auditors. Naturally, that means hundreds of AI audit evasion techniques are coming."
— Check Point Report [Timestamp: 25:45]
Implications for Cybersecurity: This marks the advent of an AI-versus-AI era in cybersecurity, where both defenders and attackers harness AI's capabilities. The blending of AI with traditional malware techniques introduces adaptive and stealthy threats that can bypass conventional security measures.
Recommendations:
Security Lapses Exposed
Shipley addresses a major controversy involving Microsoft’s support for the U.S. Department of Defense (DoD) cloud systems. An investigative report by ProPublica unveiled that Microsoft employed China-based engineers to manage sensitive DoD infrastructure through intermediaries known as "digital escorts."
Key Details:
Notable Quote:
"If you're copying and pasting commands from a nation-state adversary, you've already lost the plot."
— David Shipley [Timestamp: 40:10]
Security Implications: This incident underscores the critical importance of stringent access controls and oversight in safeguarding national defense systems. Reliance on intermediaries without adequate verification mechanisms creates vulnerabilities that adversaries can exploit.
Recommendations:
The Power of Persuasion in Cyber Attacks
Shipley shifts focus to the human aspect of cybersecurity, emphasizing that social engineering poses a greater threat than advanced technical exploits. He illustrates this by referencing groups like Scattered Spider and Iranian threat actors who excel in manipulating human trust to breach systems.
Key Details:
Notable Quote:
"This is what worries me more than zero days."
— Ariel Parnes, Former Unit 8200 Officer [Timestamp: 55:20]
AI's Role in Enhancing Social Engineering: AI enables attackers to craft highly personalized and convincing phishing content rapidly, reducing the time and effort traditionally required. This scalability makes it easier to target large numbers of individuals effectively.
Recommendations:
David Shipley wraps up the episode by reiterating the paramount importance of addressing the human element in cybersecurity. While technological defenses are essential, fostering a security-conscious culture and implementing robust identity and access management practices are crucial in combating the evolving threat landscape.
Final Thoughts:
"Let's stop obsessing over zero days and start focusing on zero trust for human behavior, because that's where the fight is heading."
— David Shipley [Timestamp: 59:50]
Stay Informed and Vigilant
As cyber threats continue to evolve, staying informed and proactive is vital. Regularly updating software, monitoring for suspicious activities, and fostering a culture of security awareness can significantly enhance an organization's resilience against modern cyberattacks.