BBS:      TELESC.NET.BR
Subject:  Glassworm botnet is no more
From:     Mike Powell
Date:     Thu, 28 May 2026 08:28:12 -0500
-----------------------------------------------------------
'Adversaries are no longer just targeting products, they're targeting the 
developers who build them': CrowdStrike takes down major botnet targeting 
developers across the world

Date:
Wed, 27 May 2026 17:35:00 +0000

Description:
The Glassworm botnet is no more, thanks to coordinated efforts between 
CrowdStrike, Google, and the Shadowserver Foundation.

FULL STORY
Cybersecurity researchers from CrowdStrike, Google, and the Shadowserver 
Foundation have teamed up to take down a major botnet targeting software 
developers all over the world. 

In an announcement, the company said on May 26, 2026, the taskforce shut 
down the Glassworm botnet by simultaneously disrupting all four of its C2 
channels. Glassworm is a global botnet, active since at least early 2025, and 
operated by well-sourced, persistent criminals likely based in Russia. It 
specifically targeted software developers through the open-source supply 
chain mostly because of what they have access to: source code repositories, 
cloud platforms, CI/CD pipelines, and package registries.

This takedown matters beyond the botnet. "Glassworm marked a 
significant shift in the threat landscape that should serve as a wake-up call 
for every organization that ships or consumes software," CrowdStrike 
explained. "Adversaries are no longer just targeting products, they're 
targeting the developers who build them." 

The botnet propagated through trojanized VSCode extensions, malicious code 
snuck into npm and Python packages, as well as poisoned GitHub repositories 
(at least 300 of them). The malware performed information theft, credential 
harvesting (GitHub tokens, npm tokens, SSH keys, VSCode authentication), and 
deployed a full-featured remote access tool called GlasswormRAT, affecting 
Windows, macOS, and Linux systems. 

The botnet's C2 architecture used four channels: the Solana blockchain, 
BitTorrent DHT, Google Calendar event titles, and traditional VPS servers - 
all of which were designed to resist conventional takedown efforts. This 
combination earned Glassworm the epithet of the "unkillable botnet" and 
warranted precision and timing for the takedown. 

"Taking down only one channel would have left the others operational, allowing 
the operators to quickly reconstitute," CrowdStrike explained. All four 
channels had to be disrupted simultaneously in a coordinated effort. As a 
result, infected machines can no longer receive new instructions or payloads. 

Link to news story:
https://www.techradar.com/pro/security/adversaries-are-no-longer-just-targeting-products-theyre-targeting-the-developers-who-build-them-crowdstrike-takes-down-major-botnet-targeting-developers-across-the-world

--- MultiMail/DOS
 * Origin: Capitol City Hub (1:2320/105)
