CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks

The first StrictlyVC of 2026 hits SF on April 30. Tickets are going fast. Register now. Get Disrupt Early Bird savings of up to $410 by May 29, 11:59 p.m. PT. Register now. TechCrunch Desktop Logo TechCrunch Mobile Logo LatestStartupsVentureAppleSecurityAIApps EventsPodcastsNewsletters SearchSubmit Site Search Toggle Mega Menu Toggle Topics Latest CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks Lorenzo Franceschi-Bicchierai 9:59 AM PDT · May 27, 2026 CrowdStrike, working with Google and Shadowserver, a nonprofit organization that scans and monitors the internet for cyberattacks, took down a botnet that cybercriminals used to push malware and steal passwords from open-source software developers. The takedown operation had the goal of disrupting the activities of the cybercriminals behind the so-called Glassworm botnet, who have been targeting the broader open source software supply chain for two years, according to CrowdStrike.  In recent months, several hacking groups have targeted developers and open source projects to push malicious software to companies and organizations who in turn use that software. These attacks can be effective because they exploit the trust that companies put into code that’s hosted on platforms like GitHub, and the workers behind that code. “Adversaries are no longer just targeting products, they’re targeting the developers who build them,” CrowdStrike wrote in its report about the takedown operation. “Developers represent uniquely high-value targets: compromising a single developer’s workstation can cascade into a supply-chain compromise that impacts thousands of downstream organizations and users.” The Glassworm hackers used several strategies to push out their malicious code. This included publishing malicious extensions on a marketplace used by developers; by malvertising — where hackers pay for sponsored search results that trick victims into downloading malware; and using credentials stolen in previous hacks, which allowed the hijacking of developer accounts and the planting of malware in their code.  In the end, the hackers were able to poison — as CrowdStrike put it — more than 300 GitHub code repositories.  Contact Us Do you have more information about the Glassworm hacking group? Or about other supply chain attacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email. CrowdStrike said it was able to takedown four command-and-control channels used by the Glassworm hackers, which cut the hackers’ access to infected computers and stopped them from delivering more malware. The command-and-control servers relied on the Solana blockchain, the BitTorrent peer-to-peer network, Google Calendar, and virtual private servers, according to CrowdStrike. It’s not clear on what legal or technical authority CrowdStrike and others operated under to takedown the operation. A spokesperson for CrowdStrike did not immediately comment.  Last week, hackers compromised several open source projects that pushed out malicious updates in a different hacking campaign that was called “Mini Shai-Hulud.” An OpenAI developer was compromised by this group of hackers. In another supply chain attack in March, a suspected North Korean hacker hijacked the popular open source software development tool Axios, which is used by millions of developers. When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence. Lorenzo Franceschi-Bicchierai Senior Reporter, Cybersecurity Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy. You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram. May 27 Athens, Greece StrictlyVC Athens is up next. Hear unfiltered insights straight from Europe’s tech leaders and connect with the people shaping what’s ahead. Lock in your spot before it’s gone. Most Popular 6 kitchen gadgets that make adulting feel easier Lauren Forristal I tried Amazon’s Bee wearable and am both intrigued and slightly creeped out Lucas Ropek Elon Musk has given up on solar power (on Earth) Tim De Chant You can no longer Google the word ‘disregard’ Russell Brandom Waymo expands pause to four cities as robotaxis keep driving into floods Sean O'Kane Six search engines worth trying now that Google isn’t really Google anymore Amanda Silberling Jensen Huang says he’s found a ‘brand new’ $200B market for Nvidia Julie Bort X LinkedIn Facebook Instagram youTube Mastodon Threads Bluesky TechCrunchStaffContact UsAdvertiseCrunchboard JobsSite Map Terms of ServicePrivacy PolicyRSS Terms of UseCode of Conduct Google SearchSpotifyOuraTrump MobileMetaTech LayoffsChatGPT © 2026 TechCrunch Media LLC.