Supply Chain Incident
Octopus Scanner malicious NetBeans project campaign
Malicious code planted in open source NetBeans projects propagated through developer builds and attempted to infect additional projects.
Confidence: High
Evidence Level: Researcher
Attack Stage: Source Compromise
Source Artifact Divergence: Unknown
Affected Packages
No structured records.
Affected Releases
No structured records.
Repositories
No structured records.
Organizations
No structured records.
Maintainers
No structured records.
Threat Actors
No structured records.
Campaigns
No structured records.
Build Systems
- NetBeans project build process
Distribution Channels
- Source repository
Compromised Accounts
No structured records.
Connected Entities
- NetBeans project build process (Build System)
- Source repository (Distribution Channel)
References
- Octopus Scanner Malware: Open Source Supply Chain · GitHub Security Lab · 2020-03-09