Good day all!
Palo Alto Networks Unit 42 researchers have been keeping a keen eye out for suspicious activity and they certainly found it here! This time it involved the APT known as #GleamingPisces and #python packages that they poisoned to infect both Linux and macOS systems. The goal is assumed to be the establishment of a compromised supply chain specifically targeting developers and their machines.
Looking at the good ole MITRE ATT&CK Matrix, we can see that the use of Python is assigned the sub-technique ID T1059.006, a sub-technique of Command and Scripting Interpreter. This sub-technique captures when adversaries use and abuse Python commands and scripts for execution.
Enjoy the article and stay tuned for some hints!
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors
https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/?web_view=true
Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday Cyborg Security, Now Part of Intel 471