A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages

A threat actor dubbed “RED-LILI” has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly 800 malicious modules.
“Customarily, attackers use an anonymous disposable NPM account from which they launch their attacks,” Israeli security company Checkmarx said. “As it seems this time, the attacker has fully-automated the process