Attackers are targeting open-source software ecosystems at scale, using coordinated and repeatable approaches that take advantage of dependency chains and maintainer trust models to distribute malicious packages across widely used registries. https://t.co/Gh6lgCtIHM
The use of AI is reducing barriers to entry, enabling high‑volume package creation and faster iteration of malicious code. At the same time, shifts in coding patterns and tooling behaviors can provide defenders with signals to better identify and track adversary activity.
These campaigns increasingly focus on the software supply chain itself, targeting the tools, libraries, and pipelines used to build and distribute applications. As a result, a single compromised component can propagate across complex dependency trees and significantly expand impact.
Learn more from Microsoft Security’s Allie Luhrs and Mario Samolis, who discuss their talk from this year’s BlueHat USA on the Microsoft Threat Intelligence Podcast, hosted by Sherrod DeGrippo.
🎤 BlueHat speaker announcement
Mario Samolis and Allie Luhrs, Senior Security Analysts, Microsoft, are taking the stage at BlueHat with a deep dive into one of today’s most persistent supply chain threats.
Their research analyzes more than 1,300 npm packages tied to DPRK-linked activity, including FAMOUS CHOLLIMA and the Contagious Interview campaign. What stands out is not just the scale, but how structured these operations are: weekday release cycles, repeated payload reuse, and a sophisticated C2 infrastructure that leverages trusted hosting platforms to evade detection.
In this session, they’ll share:
➤ What this activity looks like over time
➤ How to spot patterns others might miss
➤ How their attribution model distinguishes malicious from benign packages with a strong margin
#BlueHat
You're under no obligation to remain the same person you were a year ago, a month ago, or even a day ago. You are here to create yourself, continuously.
@SecShoggoth@BSidesROC I feel that way every time I go back through a case. It seems like there is always more information to find or understand no matter how much analysis you already did.
@DFIRmadness@Ell_o_Punk Completely agree here. The trick is to not let your stress overpower your ability to perform. Just be yourself and you will do fine.
@SecShoggoth@tazwake Not sure if they still do it, but they have a virtual queue that opens up at 9am and if you're quick enough you can snag a spot. I would have the queue already set up with my family and once 9am hit I would queue up immediately.