TTPwire Vol. 1 · MITRE ATT&CK·Tagged


F5 Labs

CASI Leaderboard Shifts: Developer Role Attack, and Three Concerning Incidents

2026-04-09

ATT&CK techniques detected

6 predictions
T1195.001 Compromise Software Dependencies and Development Tools
96%
“chain attack spanning five ecosystems over five days. Early detection was only made possible by a bug in the malware itself. The initial compromise targeted Trivy, Aqua Security's vulnerability scanner running in thousands of CI/CD pipelines. TeamPCP exploited a misconfigured…”
T1195.001 Compromise Software Dependencies and Development Tools
96%
“major fork, binds to 0.0.0.0 without encryption and was subject to 512 CVEs. Attackers registered fake npm packages (`color-diff-napi`, `modifiers-napi`) targeting developers compiling leaked code, using dependency confusion attacks exploiting the leak's distr…”
T1195.002 Compromise Software Supply Chain
45%
“chain attack spanning five ecosystems over five days. Early detection was only made possible by a bug in the malware itself. The initial compromise targeted Trivy, Aqua Security's vulnerability scanner running in thousands of CI/CD pipelines. TeamPCP exploited a misconfigured…”
T1587 Develop Capabilities
42%
“major fork, binds to 0.0.0.0 without encryption and was subject to 512 CVEs. Attackers registered fake npm packages (`color-diff-napi`, `modifiers-napi`) targeting developers compiling leaked code, using dependency confusion attacks exploiting the leak's distr…”
T1587 Develop Capabilities
35%
“chain attack spanning five ecosystems over five days. Early detection was only made possible by a bug in the malware itself. The initial compromise targeted Trivy, Aqua Security's vulnerability scanner running in thousands of CI/CD pipelines. TeamPCP exploited a misconfigured…”
T1588.006 Vulnerabilities
34%
“an AI agent that identifies a vulnerability in one system can hypothesize about similar exposures in related organizations, just as skilled attackers do. CodeWall's agent didn't enumerate BCG's infrastructure exhaustively – it formed a testable hypothesis from industry cont…”

Summary

AI Security Insights – April 2026