"RED-LILI Continues to Launch NPM attacks on Azure Developers"

Researchers at Checkmarx have reported the launch of hundreds of malicious packages by the threat actor RED-LILI as part of Node Package Manager (NPM) attacks against Azure and other developers. According to the researchers, attackers have typically leveraged an anonymous disposable NPM account to launch their attacks. However, in this case, the attacker has fully automated the process of creating NPM accounts and opened a dedicated account per package, thus making the new batch of malicious packages more difficult to spot. RED-LILI remains active as the threat actor continues to publish malicious packages.

Three weeks ago, Checkmarx released a report on an attacker that has been experimenting with several methods while attempting to perform dependency confusion attacks. Additionally, research teams at JFrog and Sonatype recently published blogs warning the security community of hundreds of malicious packages. All three reports from the research groups are related to the RED-LILI threat actor. Their findings further emphasize that malicious actors are continuing to improve their techniques and build automated systems as they launch waves of supply chain attacks at scale. These advancements are allowing attackers to stay undetected for longer periods of time.

Companies are struggling to keep up with new attack entry points such as NPM. When vulnerable NPM packages are pulled into a Continuous Integration (CI) and Continuous Delivery (CD) pipeline, anything from ransomware to the theft of Personally Identifiable Information (PII) can be easily bundled into the software of an unsuspecting organization. This article continues to discuss findings surrounding RED-LILI's NPM supply chain attacks.

SC Media reports "RED-LILI Continues to Launch NPM attacks on Azure Developers"