North Korean hackers target open-source repositories in new espionage campaign
10 days ago
- #cybersecurity
- #espionage
- #open-source
- North Korean state-backed hackers planted malicious code in open-source software repositories.
- Between January and July, 234 malicious packages were blocked on npm and PyPI repositories.
- The malicious packages impersonated legitimate tools to steal credentials and plant backdoors.
- Over 36,000 developers may have been affected by the campaign.
- Lazarus exploited gaps in the open-source supply chain, such as unvetted packages and a lack of oversight.
- Typosquatting and brand impersonation tactics were used to trick developers.
- The malicious packages deployed spying tools such as clipboard stealers, keyloggers, and credential harvesters.
- Lazarus has shifted from financial theft to espionage and critical infrastructure access.
- Developers in DevOps and CI/CD-heavy environments were specifically targeted.
- Open-source repositories are increasingly exploited for financial gain or espionage.
- Recent incidents include phishing attacks on npm and PyPI maintainers.
- Lazarus is turning open-source ecosystems into delivery mechanisms for cyberespionage.