CrowdStrike and Google dismantle Glassworm botnet targeting software developers

CrowdStrike and Google have jointly taken down the Glassworm botnet, which cybercriminals used to infiltrate open source software projects with malware. The operation targeted software developers and companies through supply chain attacks, compromising widely-used open source tools to reach downstream victims.

CrowdStrike and Google have successfully dismantled the Glassworm botnet, a sophisticated piece of criminal infrastructure that hackers had been using to conduct supply chain attacks against software developers and the companies that rely on their work.

How the Attack Worked

The Glassworm botnet operated by first infecting open source software projects with malware. Because developers and businesses routinely incorporate open source components into their own products, compromising these shared repositories gave attackers a powerful foothold — once malicious code entered a popular open source project, it could spread automatically to anyone who downloaded or updated that software.

This type of supply chain attack is considered particularly dangerous in cybersecurity circles because it exploits the trust that developers place in widely-used, community-maintained tools. Rather than targeting individual victims directly, attackers essentially set traps inside software that thousands of developers use every day.

Joint Takedown Operation

The coordinated takedown by CrowdStrike and Google marks a significant blow against the criminal operation. Both companies have extensive visibility into global internet traffic and malware activity, making their collaboration particularly effective against large-scale botnet infrastructure. The operation highlights a growing trend of private cybersecurity firms working together to disrupt criminal networks that government agencies alone may struggle to dismantle swiftly.

Supply chain attacks have become an increasingly favored method among sophisticated threat actors in recent years, with high-profile incidents demonstrating just how damaging a single compromised component can be across an entire software ecosystem.