On November 5, 2025, researchers identified nine malicious NuGet packages, published under the alias shanhai666, which have been downloaded nearly 9,500 times. This attack method cleverly disguises harmful functionality within legitimate code, effectively delaying detection and establishing trust among developers. The key package, Sharp7Extend, introduces critical vulnerabilities in industrial automation, manipulating PLC operations and potentially jeopardizing safety and operational integrity.
The malicious packages employ sophisticated techniques, including a dual sabotage method for PLCs: immediate process termination and silent write failures, which trigger hidden malfunctions 30 to 90 minutes post-installation. This strategy complicates detection, as the initial period appears functional, allowing for undetected deployment. Furthermore, the embedded time-logic and probabilistic execution patterns create challenges in attributing the attacks, especially as they are set to activate years after installation.
Organizations must urgently audit for these malicious packages and adopt robust dependency scanning practices to prevent potential exploitation. The psychosocial impact of such vulnerabilities extends beyond immediate operational disruption, complicating forensic investigation and accountability in the development lifecycle.
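One way to start the audit described above, as an added example that is not from the original report: a Python script that walks a source tree and flags denylisted package IDs in project files, packages.config and packages.lock.json (the lock file also lists transitive dependencies). Sharp7Extend is the only ID the page names; the other eight must be added from the advisory, and the demo file names, the Example.Logging package and the version string are constructed samples.

```python
import json
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

DENYLIST = {"sharp7extend"}  # only ID named on the page; NuGet IDs are case-insensitive
ID_ATTR = {"PackageReference": "Include", "PackageVersion": "Include", "package": "id"}
SCANNED = (".csproj", ".props", "packages.config", "packages.lock.json")

def ids_from_xml(text):
    """IDs from PackageReference/PackageVersion items or packages.config entries."""
    ids = set()
    for el in ET.fromstring(text).iter():
        attr = ID_ATTR.get(el.tag.rsplit("}", 1)[-1])  # drop old-style .csproj namespace
        if attr and el.get(attr):
            ids.add(el.get(attr).strip().lower())
    return ids

def ids_from_lock(text):
    """Direct and transitive IDs from packages.lock.json, across target frameworks."""
    deps = json.loads(text).get("dependencies", {})
    return {name.lower() for framework in deps.values() for name in framework}

def audit(root, denylist=DENYLIST):
    """Return sorted (relative path, package ID) pairs for denylisted references."""
    hits = []
    for path in Path(root).rglob("*"):
        name = path.name.lower()
        if not name.endswith(SCANNED):
            continue
        try:
            text = path.read_text(encoding="utf-8-sig")
            found = ids_from_lock(text) if name.endswith(".json") else ids_from_xml(text)
        except (OSError, ValueError, ET.ParseError, AttributeError, TypeError):
            continue  # unreadable or malformed file: skipped here, review it by hand
        hits += [(path.relative_to(root).as_posix(), pkg) for pkg in found & denylist]
    return sorted(hits)

def demo():
    """Audit a constructed project tree (sample data, not taken from the page)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Plc.csproj").write_text('<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>'
            '<PackageReference Include="Sharp7Extend" Version="0.0.0" /></ItemGroup></Project>')
        (root / "packages.lock.json").write_text(json.dumps({"dependencies": {"net8.0": {
            "Example.Logging": {"type": "Direct"}, "sharp7extend": {"type": "Transitive"}}}}))
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

Call `audit("path/to/repo")` on a real checkout; a hit in packages.lock.json with no matching project reference means the package arrives as a transitive dependency.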
👉 Read the original: Cyber Security News