Coordinated Takedown Disrupts Glassworm Supply-Chain Attacks
Key Points
- A coordinated takedown by CrowdStrike, Google and the Shadowserver Foundation disrupted the Glassworm botnet by simultaneously cutting off four resilient command-and-control channels.
- Glassworm illustrated how attackers increasingly target developers through malicious extensions, packages and repositories to steal credentials and silently push compromised code across hundreds of downstream artifacts.
- IANS Faculty say organizations should treat developer environments as production systems by inventorying tools, auditing identity access and monitoring for anomalous activity, as stolen developer credentials remain a persistent risk even after infrastructure takedowns.
A coordinated operation by CrowdStrike, Google and the Shadowserver Foundation disrupted the Glassworm botnet used in software supply-chain attacks.
The Glassworm campaign systematically targeted software developers due to their access to source code repositories, cloud platforms, CI/CD pipelines and package registries.
The campaign was initially identified in October 2025, targeting developers with malicious OpenVSX and Microsoft VS Code extensions to access cryptocurrency wallets and credentials. It later expanded to compromised npm and Python packages, and GitHub repositories seeded with stolen developer credentials. More recent attacks have focused on planting dormant extensions on OpenVSX that activate malicious components after an update.
Glassworm persisted because of its resilient command-and-control (C2) infrastructure, which relied on nontraditional communication channels designed to resist disruption efforts.
To disrupt the campaign, researchers had to simultaneously cut off four communication channels, severing the operators’ access to infected machines and preventing the delivery of new instructions and payloads.
Big Picture
Glassworm highlights how compromised developer identities create systemic risk across the software supply chain, allowing attackers to silently push malicious code.
"Most security teams cannot answer which VS Code extensions are installed across their dev fleet, which npm tokens are scoped to which packages, or which GitHub PATs have publishing rights. Until that inventory exists, every Glassworm-class campaign is a free shot." George Gerchow, IANS Faculty.
The campaign reflects a shift toward adversaries targeting the developer layer rather than production systems, using trusted identities to avoid detection.
"Attackers are increasingly targeting the software creation ecosystem itself, rather than just enterprise endpoints, and they are building C2 infrastructure specifically designed to survive traditional takedowns and rapidly reconstitute." Dave Shackleford, IANS Faculty.
Despite the takedown, underlying risk remains because the stolen credentials are already exposed.
"While a takedown like this is good in the short term, history has shown that they'll be back and with an even stronger C2 infrastructure. This is not a reason to relax." Josh More, IANS Faculty.
IANS Faculty Recommendations
- Monitor for anomalous outbound behavior: Watch for unusual outbound activity from dev environments, including decentralized C2 channels (blockchain, P2P, cloud services).
- Inventory the dev fleet: Inventory the developer stack, including VS Code extensions, IDE plugins, and npm and GitHub CLI auth state.
- Audit publishing scope on every developer credential: Rotate anything older than 90 days and scope to the narrowest set of packages possible.
- Run the data exposure question backwards: For each developer on the compromised tool surface, list what they can reach.
- Control update and namespace risk: Quarantine extension and package updates before rollout, enforce namespaces, and verify package integrity.
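The inventory, credential-audit and "backwards" exposure steps above can be driven from one script once the fleet data is collected. The following is an added example, not code from IANS, CrowdStrike, Google or Shadowserver: it parses a VS Code extensions.json (the identifier.id plus version entry shape is assumed here), inventories which developers carry a given extension, flags publishing tokens older than 90 days or scoped with a wildcard, and reports what each exposed developer's credentials can reach. All developer names, extension IDs, package names and token IDs are constructed placeholders; in practice the fleet data would come from endpoint inventory and registry token listings.

```python
# Developer-fleet exposure audit. Added example, not code from IANS, CrowdStrike,
# Google or Shadowserver; every developer name, extension ID, package name and
# token ID below is a constructed placeholder.
import json
from dataclasses import dataclass
from datetime import date, timedelta

ROTATION_DAYS = 90  # rotate anything older than this, per the recommendation above


@dataclass(frozen=True)
class Token:
    token_id: str
    registry: str      # "npm" or "github"
    created: date
    scopes: tuple      # packages/repos it may publish to; "*" means everything

    def age_days(self, today):
        return (today - self.created).days


@dataclass
class Developer:
    name: str
    extensions: list   # editor extension IDs as "publisher.name@version"
    tokens: list


def parse_vscode_extensions(json_text):
    """Return 'publisher.name@version' for each entry in a VS Code extensions.json.

    The entry shape assumed here (identifier.id plus version) is what the editor
    writes to ~/.vscode/extensions/extensions.json.
    """
    return [f"{e['identifier']['id']}@{e['version']}" for e in json.loads(json_text)]


def developers_with_extension(fleet, extension_id):
    """Inventory step: who has the named extension installed, at any version?"""
    return sorted(d.name for d in fleet
                  if any(ext.split("@")[0] == extension_id for ext in d.extensions))


def stale_tokens(fleet, today, max_age_days=ROTATION_DAYS):
    """Audit step: publishing tokens past the rotation window."""
    return sorted((d.name, t.token_id) for d in fleet for t in d.tokens
                  if t.age_days(today) > max_age_days)


def wildcard_tokens(fleet):
    """Audit step: tokens not scoped to an explicit package/repo list."""
    return sorted((d.name, t.token_id) for d in fleet for t in d.tokens
                  if "*" in t.scopes)


def exposure_report(fleet, compromised_extension, today):
    """Run the exposure question backwards: for each developer on the
    compromised tool surface, list what their credentials can publish to."""
    exposed = set(developers_with_extension(fleet, compromised_extension))
    report = {}
    for d in fleet:
        if d.name not in exposed:
            continue
        reach = set()
        for t in d.tokens:
            reach.update(t.scopes)
        report[d.name] = {
            "reach": sorted(reach),
            "stale": [t.token_id for t in d.tokens if t.age_days(today) > ROTATION_DAYS],
            "wildcard": [t.token_id for t in d.tokens if "*" in t.scopes],
        }
    return report


# Constructed sample data standing in for real fleet inventory.
SAMPLE_EXTENSIONS_JSON = json.dumps([
    {"identifier": {"id": "example-publisher.code-helper"}, "version": "1.4.2"},
    {"identifier": {"id": "vendor.linter"}, "version": "0.9.0"},
])

TODAY = date(2026, 3, 1)
FLEET = [
    Developer("alice", parse_vscode_extensions(SAMPLE_EXTENSIONS_JSON), [
        Token("npm-a1", "npm", TODAY - timedelta(days=200), ("*",)),
        Token("gh-a1", "github", TODAY - timedelta(days=30), ("org/app-repo",)),
    ]),
    Developer("bob", ["vendor.linter@0.9.0"], [
        Token("npm-b1", "npm", TODAY - timedelta(days=10), ("@org/widget",)),
    ]),
]

if __name__ == "__main__":
    # Suppose "example-publisher.code-helper" is the extension under suspicion.
    for dev, info in exposure_report(FLEET, "example-publisher.code-helper", TODAY).items():
        print(dev, info)
```

With the constructed fleet, only alice carries the suspect extension, and the report shows she holds a 200-day-old npm token with wildcard publishing scope: exactly the credential that would need rotation and narrowing first, regardless of whether the extension's C2 has been taken down.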
Authors & Contributors
Nuria Diaz Munoz, Author, IANS News
George Gerchow, IANS Faculty
Josh More, IANS Faculty
Dave Shackleford, IANS Faculty
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our News & blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.