Vendor

SAP

5 briefs RSS

Increased npm Supply Chain Attacks Targeting SAP Developers

Threat actors are compromising npm packages, including those targeting SAP developers, to steal credentials, embed themselves in CI/CD pipelines, and deploy multi-stage payloads using techniques like wormable propagation and covert C2 channels on GitHub.

@bitwarden/cli +6 TeamPCP npm supply-chain credential-theft github

2r 5t 3i 2d ago

critical threat

Mini Shai-Hulud Supply Chain Attack Targets SAP NPM Packages

2 rules 1 TTP

The Mini Shai-Hulud campaign injected malicious code into SAP NPM packages, targeting credentials and cloud secrets related to SAP Cloud Application Programming (CAP) and SAP cloud deployment workflows, exfiltrating data through public GitHub repositories.

Cloud Application Programming +5 TeamPCP supply-chain npm sap credential-theft

2r 1t 4d ago

critical threat

Compromised SAP npm Packages Steal Developer Credentials

2 rules 5 TTPs

Multiple official SAP npm packages were compromised via a supply chain attack, likely by TeamPCP, to steal credentials and authentication tokens from developers' systems.

Cloud Application Programming Model +1 TeamPCP supply-chain credential-theft npm

2r 5t 4d ago

medium advisory

Detection of Custom Shim Database Installation for Persistence

2 rules 1 TTP

Attackers abuse the Application Compatibility Shim functionality in Windows to establish persistence and achieve arbitrary code execution by installing malicious shim databases, which this detection identifies through monitoring registry changes.

Windows +7 persistence app-compat shim

2r 1t Jan 9, 2024

medium threat

Kerberos Traffic from Unusual Process

2 rules 2 TTPs

Detects network connections to the standard Kerberos port from an unusual process other than lsass.exe, potentially indicating Kerberoasting or Pass-the-Ticket activity on Windows systems.

Elastic Defend +22 kerberoasting credential-access lateral-movement windows

2r 2t Jan 3, 2024