Emerging Threats//
TeamPCP Supply Chain Attacks
TeamPCP is exploiting trusted npm and PyPI packages to compromise developer environments, steal credentials, and extend attacks across software supply chains.
The online game Axie Infinity is colorful and eye catching. It resembles Pokemon and is filled with cute digital creatures. To play the game, players use virtual currency to buy and sell these creatures and can earn it by battling each other. In 2021, the company behind Axie Infinity was worth $3 billion and backed by Silicon Valley dollars. But this virtual world and the enormous amount of virtual money in this world came into the sights of an adversary. In a matter of minutes in March 2022, Axie Infinity saw nearly $600 million worth of virtual currency stolen from its wallets. The hackers weren’t just cybercriminals. They were nation-state hackers from North Korea. But investigators were hot on their heels.
Participants:
Erin Plante, Vice President, Investigations, Chainalysis
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471