ForceMemo: Python Repositories Compromised in GlassWorm Aftermath
Summary
A campaign dubbed ForceMemo has compromised hundreds of GitHub repositories, primarily targeting Python projects. This attack leveraged credentials previously stolen during the VS Code GlassWorm campaign, highlighting the ongoing risks associated with credential stuffing and supply chain attacks.
IFF Assessment
This is bad news for defenders: it indicates successful exploitation of previously compromised credentials, leading to further compromise of code repositories and potentially impacting software supply chains.
Defender Context
Defenders should be aware of the continued exploitation of credentials from past campaigns, like GlassWorm. This highlights the importance of robust credential management, multi-factor authentication, and monitoring for unauthorized access to code repositories.