Hijacking S3 Buckets: New Attack Technique

checkmarx.com Hijacking S3 Buckets: New Attack Technique

Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones.

It seems like attackers have discovered a way to leverage NPM packages to deliver malicious binaries without needing to make any changes to the NPM package itself.

1 comment
  • Interesting! I wonder how much of this is already happening that people just haven't noticed yet.