Researchers Spot Supply Chain Attack Targeting GitLab CI Pipelines

19-May-22

CrateDepression is a campaign that uses typosquatting and impersonating a well-known Rust developer to spread a malicious ‘crate’ posted on the Rust dependent community repository.

The malicious crate was quickly identified and destroyed, but SentinelLabs researchers discovered a second-stage payload that was developed exclusively for Gitlab CI pipelines, indicating the possibility of larger-scale supply-chain attacks. Read More…