Microsoft Worm Attack Warning — Act Rapidly And Change Passwords Now

Source: ForbesTech

Rapidly change your password, the Microsoft security team urges as Shai-Hulud Dune Worm cloud attacks continue.

Updated December 12 with further technical details regarding the Shai-Hulud 2.0 Dune Worm attacks, alongside original reporting of the Microsoft mitigation recommendations for rapid credentials rotation and replacement.

In response to what the Microsoft Defender Security Research Team has called “one of the most significant cloud-native ecosystem compromises observed recently,” it has urged organizations to act rapidly and replace passwords. Here’s what you need to know about the so-called Shai-Hulud 2.0 Dune Worm attacks.

On September 23, the Cybersecurity and Infrastructure Security Agency, which refers to itself as America’s Cyber Defense Agency, issued an. Fast-forward to now, and the Microsoft Defender Security Research Team has published new guidance for “detecting, investigating, and defending against the supply chain attack,” as Shai-Hulud 2.0 enters the cyber equation.

“The Shai‑Hulud 2.0 campaign builds on earlier supply chain compromises,” Microsoft said, “but introduces more automation, faster propagation, and a broader target set.” This includes executing malicious code during the pre-install phase of the infected npm-managed packages, which means that it happens before any security checks can be made.

This supply chain attack is, Adi Bleih, a security researcher for external risk management at Check Point, told me, unusually aggressive as a result. “By activating before installation completes and exfiltrating secrets into attacker-controlled GitHub repositories,” Bleih said, “the operators gained rapid access to significant volumes of cloud and developer credentials.”

Tomislav Peričin, chief software architect at ReversingLabs, has published an in-depth technical analysis of Sha1-Hulud: The Second Coming. “The same worm capabilities used in the first wave are also present in the malware of this second wave,” Peričin explained, “in that, once a package is infected, it spawns attacks of its own by allowing the worm to propagate through other open source packages the author maintains.” Peričin confirmed that the ReversingLabs analysis has identified in excess of 27,000 new GitHub repositories created by the Dune Worm during these latest attacks, intended for storing exfiltrated data from compromised users.

After compromising an account, the worm looks for other packages maintained by the same account and creates new package versions with a “postinstall script, adding a malicious bundle.js” that is executed when users install the package itself. The worm’s script looks for environment tokens using the popular open-source TruffleHog tool, capable of detecting “more than 800 different types of secrets, to identify the victims’ secrets.”

Finally, the Shai-Hulud 2.0 worm will try to create public copies of the repositories, described as Shai-hulud Migration. “The intent appears to be both exposure of source code and secrets embedded in private repos,” Peričin said, “possibly for the purpose of harvesting and re-use by malicious actors.”

Ken Johnson, chief technology officer of DryRun Security, meanwhile, confirmed that Shai-Hulud 2.0 is the third attack to have been attributed to a threat group identified as S1ngularity. “This second version of the Shai-Hulud worm tells us the attackers are refining their techniques and improving upon their previous mistakes,” Johnson advised. As such, it’s a “massively dangerous and disruptive campaign.”

Prioritize high-risk attack paths to reduce further exposure.
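The install-time hooks described above can be audited on disk before credentials are rotated. The following Python script is an added example, not code from the article, Microsoft, Check Point or ReversingLabs: it walks a dependency tree, lists every package whose package.json declares a script npm runs automatically at install time, and raises the severity when that script references bundle.js, the file name quoted above. The function names and the severity labels are assumptions made for this illustration, and a bundle.js match is a heuristic, not proof of infection.

```python
import json
import os
import re

# npm runs these lifecycle hooks automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
# File name the article quotes for the injected payload (heuristic only).
PAYLOAD_RE = re.compile(r"\bbundle\.js\b")


def audit_manifest(path):
    """Return findings for one package.json: install hooks and payload hints."""
    try:
        with open(path, encoding="utf-8") as fh:
            manifest = json.load(fh)
    except (OSError, ValueError) as exc:
        # A manifest that cannot be read or parsed is reported, not skipped.
        return [{"path": path, "hook": None, "command": None,
                 "severity": "error", "note": f"unreadable manifest: {exc}"}]
    scripts = manifest.get("scripts") if isinstance(manifest, dict) else None
    if not isinstance(scripts, dict):
        return []
    findings = []
    for hook in INSTALL_HOOKS:
        command = scripts.get(hook)
        if not isinstance(command, str):
            continue
        # Any install-time hook deserves review; one that names bundle.js
        # matches the pattern described in the article and is ranked first.
        severity = "high" if PAYLOAD_RE.search(command) else "review"
        findings.append({"path": path, "hook": hook, "command": command,
                         "severity": severity, "note": ""})
    return findings


def audit_tree(root):
    """Walk root (e.g. a project's node_modules) and audit every package.json."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" in files:
            findings.extend(audit_manifest(os.path.join(dirpath, "package.json")))
    # High-severity findings first, then by path for stable output.
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["path"]))


if __name__ == "__main__":
    import sys
    for f in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "node_modules"):
        print(f"[{f['severity']}] {f['path']}: {f['hook']} -> {f['command']}")
```

Legitimate packages with native build steps also declare install hooks, so "review" findings are a list to triage rather than a verdict.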
