CrowdStrike, Google Take Down Glassworm Botnet

CrowdStrike, Google and the Shadowserver Foundation jointly disrupted the Glassworm botnet by simultaneously taking down all four of its command-and-control channels, which used a mix of traditional VPS C2 servers and resilient indirect channels (Google Calendar dead-drops, BitTorrent P2P, and Solana blockchain memos). Glassworm, active since early 2025, was used in supply-chain attacks that trojanized VS Code extensions and poisoned npm/Python packages and reportedly led to the compromise of over 300 GitHub repositories via stolen developer credentials, posing a significant threat to developer ecosystems.