AmazingTurtle 3 hours ago
I looked through some of the GH repositories and - dear god - there are some crazy sensitive secrets in there. AWS Prod database credentials, various API keys (Stripe, Google, Apple store, ...), passwords for databases, encryption keys, SSH keys, ... I think hijacked NPM packages are just the tip of the iceberg.
agentifysh 2 minutes ago
What I find peculiar are these Korean bank/gov related packages: shinhan-limit-scrap, korea-administrative-area-geo-json-util. Were they targeted because Korean cyber infra is known to be quite brittle, especially its bank/gov services, and it was just included on a whim, or was this actor specifically targeting Korea as part of its campaign? There have been a string of attacks on Korean infrastructure. This might offer some clues.