Nation-State Threats in the Open-Source Software Supply Chain
Offered By: OpenSSF via YouTube
Course Description
Overview
Explore the evolving landscape of nation-state threats in the open-source software supply chain through this informative conference talk. Delve into the activities of North Korea's Lazarus Group, a prominent cyber threat actor operating under the Korean People's Army since 2009. Learn about their recent campaigns targeting software developers through malicious packages in the npm ecosystem. Discover how these attacks, first identified by the Phylum Research Team in June 2023 and later confirmed by GitHub, Microsoft Threat Intelligence, and CISA, have evolved over time. Gain insights into the group's tactics, including their use of remote payloads and social engineering techniques to steal cryptocurrency from job-seeking developers. Understand the significance of these threats and their potential impact on the open-source community, as well as the importance of vigilance in maintaining software supply chain security.
Syllabus
Nation-State Threats in the Open-Source Software Supply Chain - Ross Bryant, Phylum
Taught by
OpenSSF
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network