Trellix Insights: Supply Chain Targeted To Deliver Malicious Payload To Rust Developers
Last modified: 2022-08-22 11:32:43 Etc/GMT
Technical Articles ID: KB95823
Environment
IMPORTANT: This Knowledge Base article explains a specific threat that is tracked automatically by Trellix Insights technology. The content is intended for Trellix Insights users, but is provided for the general knowledge of all customers. Contact us for more information about Trellix Insights.
Summary
Description of Campaign
Threat actors targeted Rust developers in a supply-chain attack that used a typo-squatted package URL to deliver the pen-testing tool Poseidon. The malicious package posed as the legitimate package "rust_decimal", but its name omitted the underscore character. Although the final payload was Poseidon, the objective of the campaign has not yet been identified; it may be an attempt to infect multiple organizations through the supply chain. Our ATR Team gathers and analyzes information from multiple open and closed sources before disseminating intelligence reports. This campaign was researched by SentinelOne and shared publicly.
How to use this article:
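The campaign above relied on a crate name that differs from a trusted one by a single missing underscore. As an added defensive illustration (it is not part of this article and not Trellix or SentinelOne code), the following Python script reads a Cargo.toml, collects its dependency names, and flags any that collapse to the same string as a vetted crate once separators are removed, or that sit within one edit (including a swap of adjacent characters) of a vetted crate. It generalises the page's single case to other common typosquat variants. The allowlist, the sample manifest and all function names are constructed assumptions; the manifest reader deliberately handles only plain `[dependencies]`-style tables and `[dependencies.<crate>]` sub-tables.

```python
import re

# Constructed allowlist of crate names the organisation has already vetted (hypothetical values).
TRUSTED_CRATES = {"rust_decimal", "serde", "tokio", "rand"}

DEP_SECTIONS = ("dependencies", "dev-dependencies", "build-dependencies")
SECTION_RE = re.compile(r"^\s*\[\s*([^\]]+?)\s*\]\s*$")
KEY_RE = re.compile(r'^\s*"?([A-Za-z0-9_-]+)"?\s*=')

# Constructed sample manifest for the demo; it is not taken from any real project.
SAMPLE_CARGO_TOML = """
[package]
name = "demo-app"
version = "0.1.0"

[dependencies]
rustdecimal = "1.0"          # rust_decimal without the underscore, as in the campaign
serde = { version = "1.0", features = ["derive"] }
tokio = "1"

[dev-dependencies]
rnad = "0.8"                 # adjacent characters of rand swapped

[build-dependencies.cc]
version = "1.0"
"""


def dependency_names(manifest_text):
    """Collect crate names from the dependency tables of a Cargo.toml.

    Minimal line-based reader (assumption: plain [dependencies]-style tables and
    [dependencies.<crate>] sub-tables only; target-specific tables are not handled).
    """
    names = set()
    in_dep_table = False
    for raw in manifest_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        header = SECTION_RE.match(line)
        if header:
            parts = header.group(1).split(".")
            in_dep_table = False
            for idx, part in enumerate(parts):
                if part in DEP_SECTIONS:
                    if idx + 1 < len(parts):
                        # [dependencies.<crate>] names the crate in the header itself
                        names.add(parts[idx + 1].strip('"'))
                    else:
                        in_dep_table = True
                    break
            continue
        if in_dep_table:
            key = KEY_RE.match(line)
            if key:
                names.add(key.group(1))
    return names


def normalize(name):
    """Collapse separators so that rustdecimal, rust_decimal and rust-decimal compare equal."""
    return name.lower().replace("_", "").replace("-", "")


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute or swap adjacent characters."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def find_typosquat_candidates(manifest_text, trusted=TRUSTED_CRATES, max_distance=1):
    """Return {dependency: (trusted_crate_it_resembles, reason)} for names not on the allowlist."""
    findings = {}
    for dep in sorted(dependency_names(manifest_text)):
        if dep in trusted:
            continue
        for known in sorted(trusted):
            if normalize(dep) == normalize(known):
                findings[dep] = (known, "differs only by separator characters")
                break
            if osa_distance(dep.lower(), known.lower()) <= max_distance:
                findings[dep] = (known, "within edit distance %d" % max_distance)
                break
    return findings


if __name__ == "__main__":
    for dep, (known, why) in find_typosquat_candidates(SAMPLE_CARGO_TOML).items():
        print(f"SUSPICIOUS {dep!r}: resembles vetted crate {known!r} ({why})")
```

A finding is a prompt for review, not proof of malice: the script only says that a name is suspiciously close to one the organisation already trusts, which is exactly the situation a developer who mistyped rust_decimal would be in. Running it as a pre-build check, with the allowlist maintained centrally, catches the missing-underscore case described in this article before `cargo build` executes the crate's build script.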
Campaign IOC
Minimum set of Manual Rules to improve protection to block this campaign:
IMPORTANT: Always follow best practices when enabling new rules and signatures. When you deploy new rules or signatures, always set them to Report mode first and check the alerts they generate. Resolve any issues that arise, then set the rules to Block. This step reduces false positives and lets you refine the configuration. For best practices on Endpoint Security Dynamic Application Containment rules, see KB87843.
Endpoint Security - Advanced Threat Protection:
Products involved