top of page
logo malizen cybersecurité

A look back at the NPM supply chain attack

A NPM supply-chain attack dating back from December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of apps and websites. The attackers are known as IconBurst.

They used typosquatting, a technique in which hackers offer popular packages to infect developers. One of the malicious NPM packages in this attack has more than 17,000 downloads. If fooled, they would add the malicious packages designed to steal data from embedded forms to their apps or websites.

Today, more than 6 months after this attack, some of the malicious IconBurst packages are still available for download in the NPM registry.

Recent Posts

See All

Collateral victims of a cyber attack, several websites in the Côtes-d'Armor department have been inaccessible since Monday, May 15. This incident was caused by a cyber attack targeting Group DIS, a ho

Two months ago, the Senate suffered a cyber attack that resulted in the temporary unavailability of its website for several hours. On May 5th, the Senate's website was again the target of an attack an

Between April 11 and 12, the French national meteorology agency, Météo-France, was the victim of a cyber attack. It was a denial of service attack that prevented Internet users from accessing the comp

logo Malizen

Follow our adventures !

  • Discord
  • Twitter
  • Linkedin

Subscribe to our newsletter

Be notified every time we have news !

Thanks for subscribing !

By subscribing, I agree to the General Terms of Use and Privacy Policy.

bottom of page