In June 2023, Phylum was the first to unearth a series of suspicious npm publications belonging to what appeared to be a highly targeted attack. The identified packages, published in pairs, required installation in a specific sequence, subsequently retrieving a token that facilitated the download of a final malicious payload
Whenever I hear about hackers in North Korea I always wonder how they could support a sophisticated info sec agency with advanced capabilities. I guess I just assumed there isn’t really a thriving tech community in NK from which to recruit.
I honestly don’t know, maybe this attack is as simple as tricking a maintainer into merging a sketchy commit, and not that sophisticated?
Or do they “purchase capability” from supporters like China or Russia?
This attack does seem to be on the simpler side technically.
NK recruits their hackers straight from the elite-ish high schools, trains them in computer science, and send them abroad with the objective to earn money through any technical means. How exactly they do it is pretty much up to them.
Whenever I hear about hackers in North Korea I always wonder how they could support a sophisticated info sec agency with advanced capabilities. I guess I just assumed there isn’t really a thriving tech community in NK from which to recruit.
I honestly don’t know, maybe this attack is as simple as tricking a maintainer into merging a sketchy commit, and not that sophisticated?
Or do they “purchase capability” from supporters like China or Russia?
This attack does seem to be on the simpler side technically.
NK recruits their hackers straight from the elite-ish high schools, trains them in computer science, and send them abroad with the objective to earn money through any technical means. How exactly they do it is pretty much up to them.
I can highly recommend the podcast “The Lazarus Heist” if you want to know more about NKs state hacking ventures: http://www.bbc.co.uk/programmes/w13xtvg9
RSS address: https://podcasts.files.bbci.co.uk/w13xtvg9.rss