'Supply Chain Attack' on 35 Big Companies including Microsoft, Apple, PayPal


An ethical hacker (researcher) has recently demonstrated a novel supply chain attack. As a result, the systems of more than 35 big technology companies, including Microsoft, Apple, PayPal, Sophie, Netflix, Tesla, and Uber, have been breached.



The novel supply chain attack exploits public and open-source developer tools. The technique, developed by ethical hacker and cybersecurity researcher Alex Birsan, injects malicious code into an open-source developer tool to exploit the dependencies of those organizations' internal applications.


It could target developers' projects that use public repositories such as GitHub. According to Birsan, such attacks have a high success rate once the companies have been targeted.


The vulnerabilities he has exploited so far, which he calls 'Dependency Confusion', have been found in more than 35 organizations. These were in the Python, Ruby, and Java programming languages.
