Poppaea

@0xpoppaea

Followers: 52
Following: 211
Media: 0
Statuses: 37

security research @ stacklok - into detection engineering, data science, physics, lego, cats 👩🏼‍💻👾 ex- countercept

London, England
Joined June 2020
@0xpoppaea
Poppaea
11 months
My latest blog post for Stacklok! NK APTs exploiting dependencies in the open source supply chain: Fake job coding test -> Clone repo -> Repo depends on malicious NPM pkg -> Deploy BeaverTail stealer -> Execute InvisibleFerret backdoor.
@StackLokHQ
Stacklok
11 months
DPRK-aligned threat actors have launched a new surge of activity targeting developers in the cryptocurrency and Web3 sectors using malicious NPM packages. Our investigation revealed the stealer and loader BeaverTail embedded in these packages: #malware.
0
0
4
@0xpoppaea
Poppaea
11 months
RT @StackLokHQ: On 8/29, we found malicious code in @pypi package "invokehttp." This package raised red flags due to inconsistencies in its….
stacklok.com
0
3
0
@0xpoppaea
Poppaea
1 year
RT @StackLokHQ: Attackers continue to abuse open source ecosystems as a vector to deliver malware. In this incident, at least 4 trojanized….
0
4
0
@0xpoppaea
Poppaea
1 year
RT @decodebytes: @TrustyPkg and @StackLokHQ threat hunter @0xpoppaea discovered a North Korean state actor exploit. cool post-analysis by P….
stacklok.com
0
2
0
@0xpoppaea
Poppaea
1 year
RT @StackLokHQ: On July 22nd, our Trusty team flagged a malicious npm package, next-react-notify, shortly after it was published. This pack….
0
2
0
@0xpoppaea
Poppaea
1 year
RT @StackLokHQ: Earlier this week, we discovered that the Roblox Node.js library was hit by the "Destroy Loneliness" npm starjacking attack….
0
1
0
@0xpoppaea
Poppaea
2 years
RT @J3lly____: It was my first time attending @DianaInitiative this year! Such a nice vibe and incredibly inclusive. @0xpoppaea and @goldb3….
0
2
0
@0xpoppaea
Poppaea
2 years
RT @so_sochima: Really excited for my first talk at a security conference! I’ll be speaking @BlueTeamCon about the journey to security cons….
0
7
0
@0xpoppaea
Poppaea
2 years
First ever conference talk done!! Thanks to @DianaInitiative and @WithSecure for the opportunity 💗
0
2
16
@0xpoppaea
Poppaea
2 years
RT @CyberSauna: How long do you want to give attackers? In #CyberSauna 79, we give the floor to WithSecure’s Jojo O’Gorman and Mehmet Mert….
0
4
0
@0xpoppaea
Poppaea
2 years
RT @DianaInitiative: Aug 7, 2023 The Diana Initiative Westin Las Vegas Hotel and Spa "The Virtuous Cycle of Hunt-Focused Purple Teaming"….
eventbrite.com
A diversity-driven conference committed to helping all underrepresented people in Information Security. To create a more inclusive industry.
0
1
0
@0xpoppaea
Poppaea
2 years
RT @ACEResponder: Parent/child proc relationships are key to detecting @msonenote phishing. ezpz. #ThreatHunting #DFIR
0
84
0
@0xpoppaea
Poppaea
2 years
RT @WithSecure: Worried about malicious OneNote attachments? No need if you follow this advice, courtesy of @dottor_morte and @goldb3rry>….
0
3
0
@0xpoppaea
Poppaea
3 years
RT @mikko: New report from us: "No Pineapple". We assess that this attack campaign is coming from the 3rd Bureau of North Korean People’s Army.….
labs.withsecure.com
During Q4 2022, WithSecure™ detected and responded to a cyber attack conducted by a threat actor that WithSecure™ have attributed with high confidence to an intrusion set referred to as Lazarus...
0
36
0
@0xpoppaea
Poppaea
3 years
RT @Unit42_Intel: 2023-01-31 (Tuesday) - #Qakbot (#Qbot) returns after one month hiatus, now using OneNote (.one) files as initial lure. Sa….
0
96
0
@0xpoppaea
Poppaea
3 years
RT @CyberGoatherder: Are you ever in the midst of reviewing web browser logs only to find yourself desperate to write some SQL? Me neither,….
0
5
0
@0xpoppaea
Poppaea
3 years
RT @CyberGoatherder: So #Emotet is back once again with the traditional Email -> XLS -> XLM -> Regsvr -> Dll execution flow. IoCs are read….
0
7
0
@0xpoppaea
Poppaea
3 years
RT @ackmage: reverse shell? do u mean hollaback curl?
0
663
0