Analysts warn that the attack group, now known as ‘Earth Centaur,’ is honing its attacks to go after transportation and government agencies.
https://threatpost.com/tropic-trooper-transportation/177106/
In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module.
https://threatpost.com/dev-sabotages-popular-npm-package-protest-russian-invasion/178972/