• 'Adversaries are no longer just targeting products, they're targe

    From TechnologyDaily@1337:1/100 to All on Wed May 27 18:45:25 2026
    'Adversaries are no longer just targeting products, they're targeting the developers who build them': CrowdStrike takes down major botnet targeting developers across the world

    Date:
    Wed, 27 May 2026 17:35:00 +0000

    Description:
    The Glassworm botnet is no more, thanks to coordinated efforts between CrowdStrike, Google, and the Shadowserver Foundation.

    FULL STORY
    ======================================================================

    CrowdStrike, Google, and Shadowserver jointly dismantled the Glassworm botnet on May 26, 2026, by disrupting all four of its resilient C2 channels simultaneously.

    Active since early 2025, Glassworm spread via trojanized VSCode extensions, poisoned npm/Python packages, and compromised GitHub repos, stealing developer credentials and deploying GlasswormRAT across Windows, macOS, and Linux.

    The takedown highlights a shift in threat focus from products to developers, with coordinated precision required to neutralize its blockchain, BitTorrent DHT, Google Calendar, and VPS-based infrastructure.

    Cybersecurity researchers from CrowdStrike, Google, and the Shadowserver Foundation have teamed up to take down a major botnet targeting software developers all over the world.

    In an announcement, the company said on May 26, 2026, the taskforce shut down the Glassworm botnet by simultaneously disrupting all four of its C2 channels. Glassworm is a global botnet, active since at least early 2025, and operated by well-sourced, persistent criminals likely based in Russia. It specifically targeted software developers through the open-source supply chain mostly because of what they have access to: source code repositories, cloud platforms, CI/CD pipelines, and package registries.

    Killing the unkillable

    This takedown matters beyond the botnet. Glassworm marked a significant shift in the threat landscape that should serve as a wake-up call for every organization that ships or consumes software, CrowdStrike explained. Adversaries are no longer just targeting products, they're targeting the developers who build them.

    The botnet propagated through trojanized VSCode extensions, malicious code snuck into npm and Python packages, as well as poisoned GitHub repositories (at least 300 of them). The malware performed information theft, credential harvesting (GitHub tokens, npm tokens, SSH keys, VSCode authentication), and deployed a full-featured remote access tool called GlasswormRAT, affecting Windows, macOS, and Linux systems.

    The botnet's C2 architecture used four channels: the Solana blockchain, BitTorrent DHT, Google Calendar event titles, and traditional VPS servers - all of which were designed to resist conventional takedown efforts. This combination earned Glassworm the epithet of the unkillable botnet and warranted precision and timing for the takedown.

    Taking down only one channel would have left the others operational, allowing the operators to quickly reconstitute, CrowdStrike explained. All four channels had to be disrupted simultaneously in a coordinated effort. As a result, infected machines can no longer receive new instructions or payloads.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/adversaries-are-no-longer-just-targeting-products-theyre-targeting-the-developers-who-build-them-crowdstrike-takes-down-major-botnet-targeting-developers-across-the-world


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)