13th Feb 2021, Kathmandu
An ethical hacker (researcher) has recently shown a novel supply chain attack. As a result, the networks of more than 35 major technology companies such as Microsoft, Apple, PayPal, Sophie, Netflix, Tesla, Uber have been violated.
Novel Supply Chain Assault uses public and open-source developer tools. The framework, created by Alex Birsan, an ethical hacker and cybersecurity researcher, injects malicious code into an open-source developer tool to exploit the dependencies of these organizations’ internal applications.
It may target developers’ projects using public repositories such as GitHub. According to Birsan, the success rate of such attacks is high after the targeting of the companies.
The vulnerabilities he has exploited so far, which he calls ‘Dependency Uncertainty,’ have been established in more than 35 organizations. They were in Python, Ruby, and Java programming languages.