The Register reported on April 30 that software packages widely used by developers, including SAP, Intercom and Lightning, were repeatedly exposed to hacking attacks.
The attacks were carried out by malicious hackers planting malware inside official packages downloaded by developers.
The moment a developer installed the package, the malware automatically ran. Attackers stole GitHub account passwords, cloud access keys for Amazon Web Services and Google Cloud, and database access details. The information was then encrypted and sent to external servers.
The cybercrime group TeamPCP was identified as being behind the attacks. TeamPCC has already carried out similar attacks targeting several security and development tools.
The affected packages were 4 npm packages related to SAP cloud development, the official package of customer communications platform Intercom, and the Lightning package used for AI model training. The Register said the combined weekly download count for the 4 SAP-related packages alone reached 572,000.
SAP said it sent a security notice to its customers and partners. Intercom and Lightning had not issued official statements as of the time of publication.
Chi-gyu Hwang (황치규)
delight@d-today.co.kr