Over 170K Users Affected by Attack Using Fake Python Infrastructure

The Checkmarx Research team recently discovered an attack campaign targeting the software supply chain, with evidence of successful exploitation of multiple victims. These include the Top.gg GitHub organization (a community of over 170k users) and several individual developers. The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom Python mirror, and publishing malicious packages to the PyPi registry. This blog will cover the attack …

account account takeover attack campaign checkmarx community developers exploitation fake github infrastructure organization python research software software supply chain supply supply chain takeover targeting team threat threat actors ttps