Attack Using Fake Python Infrastructure
released on 2024-03-26 @ 03:06:07 PM
A sophisticated attack campaign was uncovered targeting the software supply chain and successfully exploiting multiple victims through account takeover, malicious code injection in repositories, and publishing of poisoned Python packages. The threat actors set up fake Python infrastructure to distribute malware that harvested sensitive data.