UNC3379 npm supply chain attacks

Type

Campaign

Actors

💡UNC3379

Pub. date

December 15, 2021

Initial access

Unknown

Impact

Resource hijackingSupply chain attack

Observed techniques

Supply Chain Compromise

References

https://cloud.google.com/blog/topics/threat-intelligence/supply-chain-node-js/https://github.com/veged/coa/issues/99https://github.com/faisalman/ua-parser-js/issues/536

Status

Stub

Last edited

Oct 8, 2025 1:50 PM

Mandiant has attributed supply chain attacks which compromised ua-parser-js , coa, and rc to UNC3379. The malicious packages would download and execute both a Monero cryptocurrency miner, and the DANABOT banking trojan, depending on the OS.