Glassworm botnet
Coverage of Glassworm botnet in the Nexus archive.
- CrowdStrike, Google shatter Glassworm botnet
CrowdStrike, in collaboration with Google and the Shadowserver Foundation, successfully dismantled the Glassworm botnet, a credential-stealing worm targeting developers through poisoned software packages. The botnet used blockchain-based command-and-control infrastructure and Google Calendar as a backup server, but was neutralized by disrupting all four C2 channels simultaneously.
- CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks
CrowdStrike and Google collaborated to dismantle the Glassworm botnet, which was used by hackers to infect open source software projects with malware. This botnet targeted software developers and companies through supply chain attacks.
- CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain
CrowdStrike, with assistance from Google and Shadowserver, dismantled the Glassworm botnet, which had infected hundreds of open-source software packages since 2025. The operation disrupted four attacker-controlled servers and infrastructure layers, including Solana blockchain, BitTorrent, and Google Calendar, to halt malware distribution and credential theft.
- Glassworm botnet disrupted after resilient C2 infrastructure takedown
The Glassworm botnet, which targets developers through software supply-chain attacks, was disrupted after its resilient command-and-control infrastructure using Solana blockchain transactions and BitTorrent DHT network was taken down by researchers.