Good day all!

Palo Alto Networks Unit 42 researchers have been keeping a keen eye out for suspicious activity, and they certainly found it here! This time it involved the APT known as #GleamingPisces and the #python packages they poisoned to infect both Linux and macOS systems. The goal is assumed to be the establishment of a compromised supply chain, specifically targeting developers and their machines.

Looking at the good ole MITRE ATT&CK Matrix, we can see that the use of Python is assigned the sub-technique ID T1059.006, a sub-technique of Command and Scripting Interpreter (T1059). This sub-technique covers adversaries using and abusing Python commands and scripts for execution.

Enjoy the article and stay tuned for some hints!

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors
https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/?web_view=true

Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday Cyborg Security, Now Part of Intel 471

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

We track a campaign by Gleaming Pisces (Citrine Sleet) delivering Linux or macOS backdoors via Python packages, aiming to infiltrate supply chain vendors.

Unit 42
"Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors" published by Palo Alto Networks. #GleamingPisces, #PondRAT, #PyPI, #DPRK, #CTI https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/
Threat Assessment: North Korean Threat Groups

Explore Unit 42's review of North Korean APT groups and their impact, detailing the top 10 malware and tools we've seen from these threat actors.

Unit 42