Critical Infrastructure Security, Malware

Industrial systems targeted by suspicious NuGet package

A computer screen with Javascript is seen

(Adobe Stock)

Industrial cyberespionage could potentially be facilitated by the new suspicious SqzrFramework480 NuGet package seemingly targeted to developers using tools by Chinese industrial firm Bozhon Precision Industry Technology Co., according to The Hacker News.

SqzrFramework480, which has amassed almost 3,000 downloads since being uploaded in late January, enables screenshot capturing, remote IP address pinging, and screenshot transmission to IP-connected sockets, a report from ReversingLabs revealed. Such features were noted to be concerning by ReversingLabs researcher Petar Kirhmajer, who noted the previous exploitation of sockets in data exfiltration operations.

Organizations have been urged to be more vigilant of libraries within open-source repositories amid the emergence of the suspicious package, which highlights the complexity of supply chain threats.

"Open-source repositories like NuGet are increasingly hosting suspicious and malicious packages designed to attract developers and trick them into downloading and incorporating malicious libraries and other modules into their development pipelines," said Kirhmajer.

Related

Third-party ransomware attack threatens Sweden’s liquor supply

Swedish government-owned liquor retailer Systembolaget, which is the country's lone vendor of alcoholic beverages, has warned of a shortage of some beers, wines, and spirits across the country following a ransomware attack against its distributor Skanlog, which its CEO Mona Zuko has attributed to a North Korean state-sponsored threat operation, according to The Record, a news site by cybersecurity firm Recorded Future.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.