all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

VMConnect supply chain attack continues, evidence points to North Korea

Add to bookmarks
Aug. 31, 2023, noon | karlo.zanki@reversinglabs.com (Karlo Zanki)

ReversingLabs Blog blog.reversinglabs.com




In early August, ReversingLabs identified a malicious supply chain campaign that the research team dubbed “VMConnect.” That campaign consisted of two dozen malicious Python packages posted to the Python Package Index (PyPI) open-source repository. The packages mimicked popular open-source Python tools, including vConnector, a wrapper module for pyVmomi VMware vSphere bindings; eth-tester, a collection of tools for testing Ethereum-based applications; and databases, a tool that gives asynchronous support for a range of databases. 

The research team has …

attack august campaign korea malicious north north korea package packages points popular pypi python python package python package index python tools repository research reversinglabs software supply chain security supply supply chain supply chain attack team threat research tools vmconnect vmware vmware vsphere vsphere wrapper

Visit resource

More from blog.reversinglabs.com / ReversingLabs Blog

What’s hot at RSAC 2024: 8 SSCS talks you don’t want to miss 16 hours ago | blog.reversinglabs.com
appsec & supply chain security cisos development don +16
How SOC analysts and threat hunters can expose malware undetected by EDR 1 day, 17 hours ago | blog.reversinglabs.com
analysts can corporate don +16
Introducing the Unified RL Spectra Suite 1 day, 17 hours ago | blog.reversinglabs.com
always on appsec & supply chain security change criminals +15
Announcing the General Availability of Spectra Detect v5.0: Enhancing File Analysis for Advanced Threat Detection 1 day, 17 hours ago | blog.reversinglabs.com
advanced advanced threat advanced threat detection analysis +23
Announcing the General Availability of TitaniumScale v5.0: Enhancing File Analysis for Advanced Threat Detection 5 days, 20 hours ago | blog.reversinglabs.com
advanced advanced threat advanced threat detection analysis +23
How NIST CSF 2.0 and C-SCRM help manage software supply chain risk 6 days, 17 hours ago | blog.reversinglabs.com
appsec & supply chain security businesses critical critical infrastructure +29
What’s hot at RSAC 2024: 7 must-see talks for security operations teams 1 week ago | blog.reversinglabs.com
conference filter flood francisco +21
NVD delays highlight vulnerability management woes: Put malware first 1 week, 1 day ago | blog.reversinglabs.com
appsec & supply chain security attention change current +16
CycloneDX upgraded for the evolving software supply chain security era 1 week, 6 days ago | blog.reversinglabs.com
ai development appsec & supply chain security bill bills +25

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Application Security Engineer - Remote Friendly

@ Unit21 | San Francisco,CA; New York City; Remote USA;
View on infosec-jobs.com

Cloud Security Specialist

@ AppsFlyer | Herzliya
View on infosec-jobs.com

Malware Analysis Engineer - Canberra, Australia

@ Apple | Canberra, Australian Capital Territory, Australia
View on infosec-jobs.com

Product CISO

@ Fortinet | Sunnyvale, CA, United States
View on infosec-jobs.com

Manager, Security Engineering

@ Thrive | United States - Remote
View on infosec-jobs.com
View more jobs