CrowdStrike and Google jointly dismantled the Glassworm botnet, which cybercriminals deployed to compromise open source software projects and execute supply chain attacks targeting developers and their organizations.

The botnet infected open source repositories with malware, creating a two-stage attack vector. Once developers downloaded the poisoned code, their systems became compromised. Attackers then pivoted to target companies using that software downstream, exploiting the trust placed in open source ecosystems.

This operation reflects a growing sophistication in supply chain attacks. Rather than targeting companies directly, threat actors compromise the software development pipeline itself. By injecting malware into widely used open source projects, attackers gain access to multiple organizations simultaneously. A single compromised repository can infect hundreds or thousands of downstream users.

CrowdStrike's threat intelligence team identified the botnet infrastructure and coordination mechanisms. Google's security researchers traced the malware back to specific compromised projects and vulnerable developers. The collaboration enabled both companies to map the full attack scope and dismantle command-and-control servers simultaneously.

The Glassworm operation underscores why supply chain security has become a board-level concern. High-profile breaches like SolarWinds and the XZ Utils backdoor demonstrated that attackers focus on inflection points where trust is implicit. Open source software presents an ideal target. Developers assume code from established projects is vetted, while companies trust their development teams to use secure dependencies.

This takedown matters because it signals a coordinated industry response to botnet infrastructure. CrowdStrike and Google sharing intelligence and acting in tandem increases the cost for attackers operating at scale. However, the existence of Glassworm in the first place reveals gaps in open source security monitoring.

Going forward, developers and organizations will need more granular visibility into their supply chains. Binary analysis, behavioral monitoring, and reputation scoring for