Malicious npm Packages (June 2023)
A social engineering lure to launch a software supply chain attack
El Al Airlines flight LY612 landed at Ben Gurion Airport from Moscow Domodedovo Airport just after 8:00 pm on June 8, 2023. The warm evening air, typical for Tel Aviv in early June, greeted “Elias” as he stepped off the plane. Elias, who works for a startup specializing in blockchain analysis and cryptocurrency investigations, had spent a few days in Moscow visiting friends and family.
As he walked through the busy terminal, memories of his trip mixed with thoughts of an odd GitHub invitation he had received just before leaving Moscow. It looked like a promising collaboration from a respected developer in the blockchain community, but something didn’t feel right. Pushing the thought aside, he picked up his luggage and caught a taxi to his apartment in Ramat Gan.
The drive through Tel Aviv was familiar but exciting. The city’s nightlife was coming alive, with cafes and restaurants filling up with people. Elias asked the taxi driver to stop at a popular falafel stand near his apartment, deciding to grab dinner before heading home. The smell of freshly fried falafel and warm pita bread was comforting as he placed his order.
With dinner in hand, Elias walked the short distance to his apartment. As he approached his building, the unease about the GitHub invitation returned. He didn’t realize that this small detail would soon pull him into a complex global social engineering campaign targeting tech employees like him.
Contents
Moscow to Tel Aviv
Earlier That Day…
Black Boxes
Lazarus Group
Lessons
Earlier That Day…
On the morning of June 8, Elias was enjoying his room service breakfast at the Maxima Domodedovo Airport Hotel in Moscow. Sunlight poured through the windows as he finished his meal, ready to check out and head home to Tel Aviv. While packing his laptop and settling his hotel bill, he noticed an email notification. It was a GitHub invitation from a developer named Alexei, who said he was working on a new blockchain project.