The malicious activity, attributed to a software supply chain threat actor dubbed CuteBoi, involves an array of 1,283 rogue modules that were published in an automated fashion from over 1,000 different user accounts.