Attack on German companies through NPM packages
A new batch of malicious NPM packages, created for targeted attacks on the German companies Bertelsmann, Bosch, Stihl and DB Schenker, has been disclosed. The attack uses the dependency confusion method, which exploits the overlap of dependency names between public and internal repositories. In publicly available applications, attackers find references to internal NPM packages downloaded from corporate repositories, which contain […]
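
As an added example (not part of the original article), the check below flags the condition this attack relies on: a package with an internal name that the lockfile shows was fetched from somewhere other than the internal registry. The registry host, scope, package names and lockfile contents are assumptions constructed for illustration.

```javascript
// Added example; policy values and lockfile contents are constructed.
function isInternalName(name, policy) {
  return policy.internalNames.includes(name) ||
    policy.internalScopes.some((scope) => name.startsWith(scope + "/"));
}

// Returns internal-named packages that were not resolved from the internal registry.
function findConfusedDependencies(lockfile, policy) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lockfile.packages || {})) {
    if (lockPath === "" || entry.link) continue; // root project or workspace symlink
    // "node_modules/a/node_modules/@x/y" -> "@x/y"
    const name = entry.name || lockPath.split("node_modules/").pop();
    if (!isInternalName(name, policy)) continue;
    let host = null;
    try {
      host = new URL(entry.resolved).host;
    } catch {
      // missing or non-URL "resolved": origin cannot be proven, so report it
    }
    if (host !== policy.internalRegistryHost) {
      findings.push({ name, version: entry.version, resolvedHost: host });
    }
  }
  return findings;
}

const samplePolicy = { // hypothetical organisation policy
  internalRegistryHost: "npm.corp.example",
  internalScopes: ["@corp-internal"],
  internalNames: ["corp-build-utils"], // unscoped internal name
};
const sampleLock = { // constructed lockfile (lockfileVersion 3 layout)
  packages: {
    "": { name: "public-app", version: "1.0.0" },
    "node_modules/@corp-internal/ui": { version: "2.3.1",
      resolved: "https://npm.corp.example/@corp-internal/ui/-/ui-2.3.1.tgz" },
    "node_modules/corp-build-utils": { version: "99.0.0",
      resolved: "https://registry.npmjs.org/corp-build-utils/-/corp-build-utils-99.0.0.tgz" },
    "node_modules/left-pad": { version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz" },
  },
};
console.log(findConfusedDependencies(sampleLock, samplePolicy));
```

Run against a real package-lock.json in CI, a non-empty result is a reason to fail the build before install scripts execute.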