CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 28, 2026

Coordinated operation takes down Glassworm botnet - Cybersecurity Dive

Cybersecurity Dive Archived May 28, 2026 ✓ Full text saved

Coordinated operation takes down Glassworm botnet Cybersecurity Dive

Full text archived locally
✦ AI Summary · Claude Sonnet


    Coordinated operation takes down Glassworm botnet The botnet began in early 2025, targeting software developers across the open-source supply chain. Published May 27, 2026 David Jones Reporter Share License Add us on Google RSA Conference attendees mingle at CrowdStrike’s booth at the Moscone Center on April 27, 2023, in San Francisco. CrowdStrike led the takedown of the Glassworm botnet on May 26, 2026. Matt Kapko/Cybersecurity Dive The Glassworm botnet, a global operation targeting software developers through the open-source supply chain, was disrupted Wednesday in a coordinated takedown led by CrowdStrike. All four of the botnet’s command-and-control channels were targeted simultaneously, effectively disconnecting them from their infected computers and leaving them unable to deliver malicious payloads, according to a blog post from the cybersecurity company.  Since early 2025, Glassworm’s operators have been targeting developers, who have access to source code repositories, continuous integration/continuous delivery pipelines, package registries and cloud platforms, CrowdStrike said.  The botnet had a full range of malicious capabilities, including credential harvesting and data theft. It included a Node.js remote access tool called GlasswormRAT.  CrowdStrike worked in a coordinated effort with Google and the Shadowserver Foundation to go after Glassworm, which the company said was likely based in Russia.  More than 300 GitHub repositories were poisoned during the Glassworm campaign, which harvested credentials from prior attacks.  Malicious code was introduced using compromised npm and Python packages. In addition, Trojanized VS Code extensions were published to the Open VSX marketplace.  Researchers said the botnet’s C2 architecture was built to maintain resilience and withstand traditional disruption attempts.  Add us on Google Share PURCHASE LICENSING RIGHTS Filed Under: Strategy, Threats
    💬 Team Notes
    Article Info
    Source
    Cybersecurity Dive
    Category
    ◇ Industry News & Leadership
    Published
    May 28, 2026
    Archived
    May 28, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗