Supply Chain Attack - Cybersec Sentinel

Supply Chain Attack

A collection of 6 posts

CPUID Supply Chain Attack Delivers STX RAT via Trojanised CPU-Z and HWMonitor Downloads

Supply Chain Attack

CPUID Supply Chain Attack Delivers STX RAT via Trojanised CPU-Z and HWMonitor Downloads

GroupAttribution unconfirmed. Infrastructure overlap identified with a March 2026 fake FileZilla distribution campaign. C2 domain first observed November 2025. Campaign tagged internally as "CityOfSin".TypeSupply Chain Attack / Remote Access Trojan / BackdoorMalwareSTX RAT (classified as Backdoor.Win64.Alien by Kaspersky) — a multi-stage, memory-resident remote access trojan with credential theft,

Axios npm Backdoored: UNC1069 Deploys Cross-Platform RAT via Supply Chain Attack

Supply Chain Attack

Axios npm Backdoored: UNC1069 Deploys Cross-Platform RAT via Supply Chain Attack

GroupUNC1069 (North Korea-nexus, BlueNoroff-linked, financially motivated threat actor)Typenpm Supply Chain Compromise / Cross-Platform Remote Access TrojanMalwareSILKBELL: postinstall dropper embedded in plain-crypto-js@4.2.1. WAVESHAPER.V2: updated cross-platform RAT linked to prior BlueNoroff RustBucket campaignsScore🔴 9.5 Critical. Nation-state supply chain attack on one of npm's most downloaded

TeamPCP Injects Credential Stealer Into Trivy Releases and Spreads to npm via CanisterWorm

TeamPCP Injects Credential Stealer Into Trivy Releases and Spreads to npm via CanisterWorm

GroupTeamPCP (financially motivated threat actor, reportedly collaborating with LAPSUS$ for extortion; nationality unconfirmed)TypeMulti-Ecosystem Supply Chain Attack, Infostealer, Self-Propagating Worm, Kubernetes WiperDeliveryCompromised GitHub Actions (trivy-action, setup-trivy, kics-github-action, ast-github-action) plus poisoned PyPI packages (litellm) and self-propagating npm infection via CanisterWormMalwareTeamPCP Cloud Stealer — three-stage CI/CD credential harvester; CanisterWorm —

Notepad++ Compromise Reinforces the Need for Strict Software Governance

Notepad++ Compromise Reinforces the Need for Strict Software Governance

Threat Group Lotus Blossom Billbug Threat Type Supply chain compromise via updater infrastructure hijack and malicious plugin persistence Exploited Vulnerabilities Weak certificate and signature validation in the Notepad++ auto updater prior to version 8.8.9. Abuse of shared hosting infrastructure trust. DLL search order hijacking in plugin loading mechanisms.

BADBOX 2.0 Botnet Weaponizes Uncertified Devices for Proxies, Fraud, and Credential Theft

BADBOX 2.0 Botnet Weaponizes Uncertified Devices for Proxies, Fraud, and Credential Theft

Threat Group: SalesTracker Group, MoYu Group, Lemon Group, LongTV Threat Type: Android Malware Botnet Exploited Vulnerabilities: Supply chain compromises, malicious third-party apps, uncertified Android devices Malware Used: BB2DOOR (variant of Triada) Threat Score: 🔥 Critical (9.1/10) Last Threat Observation: June 7, 2025 Overview BADBOX 2.0 is a critical

XCSSET Malware Threatens macOS Developer Community

XCSSET Malware Threatens macOS Developer Community

Threat Group: Unattributed Threat Type: Malware, Supply Chain Attack Exploited Vulnerabilities: Transparency Consent and Control (TCC) Zero-day Vulnerabilities Malware Used: XCSSET Threat Score: 🔴 High (8.4/10) – Advanced obfuscation, persistent infection mechanisms, and supply-chain attack potential Last Threat Observation: March 11, 2025 (Microsoft Security Blog) Overview XCSSET is a sophisticated,