{"id":99589,"date":"2024-12-10T07:00:13","date_gmt":"2024-12-10T05:00:13","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=99589"},"modified":"2025-01-03T10:36:08","modified_gmt":"2025-01-03T08:36:08","slug":"most-striking-events-of-november-2024-in-supply-chain-security","status":"publish","type":"zero-post","link":"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/","title":{"rendered":"November 2024 in Software Supply Chain\u00a0Security"},"content":{"rendered":"

In November 2024, supply chain attacks featured two key trends: attackers’ persistent use of “legitimate-first” package strategies and creative approaches like exploiting official documentation. Cryptocurrency remained the primary target through both credential theft and mining operations.<\/p>\n\n\n\n

Let\u2019s delve into some of the most striking events of November:<\/p>\n\n\n\n

Dozens of Machines Infected: Year-Long NPM Supply Chain Attack Combines Crypto Mining and Data Theft<\/h2>\n\n\n\n

A malicious NPM package, masquerading as a legitimate XML-RPC implementation, operated for over a year\u2014stealing data and mining cryptocurrency. Dozens of systems were affected. (Link to report).<\/a><\/p>\n\n\n\n

\"xml-rpc
xml-rpc attack flow<\/figcaption><\/figure>\n\n\n\n

Malicious NPM Package Exploits React Native Documentation Example<\/h2>\n\n\n\n

An attacker published a malicious NPM package that mirrors an example from React Native\u2019s official documentation, in an attempt to trick developers following the official guide. This highlights the need for careful package verification even when following official guides. (Link to report)<\/a>.<\/p>\n\n\n\n

\"From
From React Native\u2019s official documentation<\/figcaption><\/figure>\n\n\n\n
\"Malicious
Malicious npm package mirroring example from React Native\u2019s official documentation<\/figcaption><\/figure>\n\n\n\n

Falling Stars<\/h2>\n\n\n\n

Two years after the discovery of StarJacking, an analysis of 21 package repositories reveals improved security measures against this threat\u2014though the risk still persists in some repositories. (Link to report).<\/a><\/p>\n\n\n\n

\"Example
Example of PyPi ecosystem process – adding verification of the package metadata.<\/figcaption><\/figure>\n\n\n\n

\u201caiocpa\u201d Python Package Transforms From Legitimate Package to Crypto Thief<\/h2>\n\n\n\n

In November 2024, PyPI published an advisory<\/a> about the aiocpa package, which was compromised when versions 0.1.13 and 0.1.14 introduced obfuscated malware designed to steal cryptocurrency credentials via Telegram. The attack was notable for its patience – the attacker maintained a legitimate package for months before adding malware, while keeping the GitHub repository clean. With thousands of downloads in its final month, aiocpa joins a growing trend where attackers establish legitimate packages before weaponizing them, in most cases to target cryptocurrency assets.<\/p>\n\n\n\n

*   *   *<\/p>\n\n\n\n

Our team will continue to hunt, squash attacks, and remove malicious packages in our effort to keep the open-source ecosystem safe.<\/p>\n\n\n\n

I encourage you to stay up to date with the latest trends and tactics in software supply chain security by tuning into our future posts and learning how to defend against potential threats.<\/p>\n\n\n\n

Stay tuned\u2026<\/p>\n\n\n\n

Checkmarx Supply Chain Security,<\/p>\n\n\n\n

Working to Keep the Open-Source Ecosystem Safe<\/p>","protected":false},"excerpt":{"rendered":"

In November 2024, supply chain attacks featured two key trends: attackers’ persistent use of “legitimate-first” package strategies and creative approaches like exploiting official documentation. Cryptocurrency remained the primary target through both credential theft and mining operations. Let\u2019s delve into some of the most striking events of November: Dozens of Machines Infected: Year-Long NPM Supply Chain […]<\/p>\n","protected":false},"author":66,"featured_media":99631,"template":"","zero-category":[1067],"zero-tag":[1068],"class_list":["post-99589","zero-post","type-zero-post","status-publish","has-post-thumbnail","hentry","zero-category-blog","zero-tag-checkmarx-security-research-team"],"acf":[],"yoast_head":"\nNovember 2024 in Software Supply Chain\u00a0Security - Checkmarx<\/title>\n<meta name=\"description\" content=\"In November 2024, supply chain attacks featured two key trends: attackers' persistent use of "legitimate-first" package strategies and creative approaches like exploiting official documentation. Cryptocurrency remained the primary target through both credential theft and mining operations.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"November 2024 in Software Supply Chain\u00a0Security - Checkmarx\" \/>\n<meta property=\"og:description\" content=\"In November 2024, supply chain attacks featured two key trends: attackers' persistent use of "legitimate-first" package strategies and creative approaches like exploiting official documentation. Cryptocurrency remained the primary target through both credential theft and mining operations.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-03T08:36:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/12\/Frame-11527658.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/\",\"name\":\"November 2024 in Software Supply Chain\u00a0Security - Checkmarx\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/12\/Frame-11527658.png\",\"datePublished\":\"2024-12-10T05:00:13+00:00\",\"dateModified\":\"2025-01-03T08:36:08+00:00\",\"description\":\"In November 2024, supply chain attacks featured two key trends: attackers' persistent use of \\\"legitimate-first\\\" package strategies and creative approaches like exploiting official documentation. Cryptocurrency remained the primary target through both credential theft and mining operations.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/12\/Frame-11527658.png\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/12\/Frame-11527658.png\",\"width\":1024,\"height\":512},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"November 2024 in Software Supply Chain\u00a0Security - Checkmarx","description":"In November 2024, supply chain attacks featured two key trends: attackers' persistent use of \"legitimate-first\" package strategies and creative approaches like exploiting official documentation. Cryptocurrency remained the primary target through both credential theft and mining operations.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/","og_locale":"en_US","og_type":"article","og_title":"November 2024 in Software Supply Chain\u00a0Security - Checkmarx","og_description":"In November 2024, supply chain attacks featured two key trends: attackers' persistent use of \"legitimate-first\" package strategies and creative approaches like exploiting official documentation. Cryptocurrency remained the primary target through both credential theft and mining operations.","og_url":"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_modified_time":"2025-01-03T08:36:08+00:00","og_image":[{"width":1024,"height":512,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/12\/Frame-11527658.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/","url":"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/","name":"November 2024 in Software Supply Chain\u00a0Security - Checkmarx","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/12\/Frame-11527658.png","datePublished":"2024-12-10T05:00:13+00:00","dateModified":"2025-01-03T08:36:08+00:00","description":"In November 2024, supply chain attacks featured two key trends: attackers' persistent use of \"legitimate-first\" package strategies and creative approaches like exploiting official documentation. Cryptocurrency remained the primary target through both credential theft and mining operations.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/most-striking-events-of-november-2024-in-supply-chain-security\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/12\/Frame-11527658.png","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/12\/Frame-11527658.png","width":1024,"height":512},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-post\/99589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-post"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/zero-post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/66"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/99631"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=99589"}],"wp:term":[{"taxonomy":"zero-category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-category?post=99589"},{"taxonomy":"zero-tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-tag?post=99589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}