Type
Campaign
Actors
UNC3379
Pub. date
December 15, 2021
Initial access
Unknown
Impact
Resource hijackingSupply chain attack
Observed techniques
Supply Chain Compromise
References
https://cloud.google.com/blog/topics/threat-intelligence/supply-chain-node-js/https://github.com/veged/coa/issues/99https://github.com/faisalman/ua-parser-js/issues/536
Status
Stub
Last edited
Oct 8, 2025 1:50 PM
Mandiant has attributed supply chain attacks which compromised ua-parser-js , coa, and rc to UNC3379. The malicious packages would download and execute both a Monero cryptocurrency miner, and the DANABOT banking trojan, depending on the OS.