Over the last week, troubling new reports have arisen about state-sponsored threat actors leveraging modified open source applications to compromise employees' machines at technology companies, governments, and non-profit organizations. Microsoft, Mandiant, and Ars Technica all covered the technicalities of the attack type, where bad actors pose as recruiters who target specific individuals as their victims.
Article Link: Weaponizing Open Source Through Job Recruiting