At a glance.
- SentinelSneak is out in the wild.
- XLLs for malware delivery.
- CERT-UA warns of attacks against DELTA situational awareness system.
- FSB cyber operations against Ukraine.
- Trends in the cyber phases of Russia's hybrid war.
SentinelSneak is out in the wild.
Researchers have discovered a campaign they’re calling “SentinelSneak,” a malicious Python package posing as a SentinelOne software development kit (SDK), ReversingLabs reports. Its researchers say that the package, named SentinelOne (with no connection to the security firm of the same name), was first seen in the Python Package Index (PyPI) on December 11, 2022. It is described as a “fully functional SentinelOne client” that also carries a malicious backdoor. SentinelSneak does not strike immediately after installation, Dark Reading reports: the backdoor function lies dormant until it is triggered by another program. The researchers note that this shows the threat actors’ desire to target the software supply chain “as a way to inject compromised code into targeted systems as a beachhead for further attacks.” Those further attacks likely have not yet occurred, researchers say. This is just the latest threat to leverage the PyPI repository, alongside other actors’ use of strategies such as “typosquatting,” ReversingLabs researchers said in their advisory. For more on SentinelSneak, see CyberWire Pro.
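A defender-side check in the spirit of the advisory's supply-chain point, added here as an example and not code from ReversingLabs or the page: it audits a requirements list against an internal allowlist and flags names that are either unexpected (such as a package carrying a vendor's name) or a small edit distance from an allowlisted name (a typosquat candidate). The allowlist, the sample requirements and the distance threshold are constructed assumptions.

```python
# Added example, not from the ReversingLabs advisory: flag requirements that are
# not on an internal allowlist or sit within a small edit distance of one
# (possible typosquat). Allowlist and sample requirements are constructed.
import re

ALLOWLIST = {"requests", "urllib3", "cryptography", "pyyaml"}  # constructed

def normalize(name: str) -> str:
    """PEP 503 name normalisation: lower-case, runs of -_. become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss package names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_requirements(text: str) -> list[str]:
    """Return distribution names from requirements-style lines (comments stripped)."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.append(m.group(0))
    return names

def audit(text: str, allowlist=ALLOWLIST, max_dist: int = 2) -> dict[str, str]:
    """Map each requirement to 'ok', 'possible-typosquat:<name>' or 'not-allowlisted'."""
    allowed = {normalize(n) for n in allowlist}
    verdicts = {}
    for raw in parse_requirements(text):
        name = normalize(raw)
        if name in allowed:
            verdicts[raw] = "ok"
            continue
        near = sorted(a for a in allowed if edit_distance(name, a) <= max_dist)
        verdicts[raw] = f"possible-typosquat:{near[0]}" if near else "not-allowlisted"
    return verdicts

# Constructed sample: a genuine name, a transposed-letter near miss, and an
# unexpected package carrying a vendor's name (as in the SentinelSneak case).
SAMPLE_REQUIREMENTS = "requests==2.28.1\nreqeusts==2.28.1\nSentinelOne==1.0.0\n"
```

A "not-allowlisted" verdict is a prompt for review, not proof of malice; in practice the allowlist would be the organisation's own vetted dependency set.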