GitHub Warns Devs of North Korean Attacks

GitHub has warned of a new North Korean threat campaign designed to compromise victims via malicious npm package dependencies.

The development platform claimed in a blog post earlier this week that the attacks targeted employees in the blockchain, cryptocurrency, online gambling and cybersecurity sectors.

Attacks start with the threat actors impersonating a developer or recruiter with a fake GitHub, LinkedIn, Slack or Telegram profile, according to Alexis Wales, VP of GitHub security operations. In some cases, the attacker may hijack legitimate accounts.

They then initiate contact with the target and attempt to move the conversation to another platform.

“After establishing contact with a target, the threat actor invites the target to collaborate on a GitHub repository and convinces the target to clone and execute its contents,” Wales explained.

“The GitHub repository may be public or private. The GitHub repository contains software that includes malicious npm dependencies. Some software themes used by the threat actor include media players and cryptocurrency trading tools.”

These malicious dependencies act as first-stage malware designed to download a second-stage threat to the victim’s machine, although it’s unclear exactly what this is.

“The threat actor often publishes their malicious packages only when they extend a fraudulent repository invitation, minimizing the exposure of the new malicious package to scrutiny,” said Wales.

“In some cases, the actor may deliver the malicious software directly on a messaging or file sharing platform, bypassing the repository invitation/clone step.”

GitHub claimed with “high confidence” that attackers belong to the North Korean group known as “Jade Sleet” by Microsoft Threat Intelligence and “TraderTraitor” by the US Cybersecurity and Infrastructure Security Agency (CISA).

In related news, an attack on SSO vendor JumpCloud at the end of June has also been attributed to North Korea, according to SentinelOne.

Image credit: Piotr Swat / Shutterstock.com

GitHub Warns Devs of North Korean Attacks

Phil Muncaster

You may also like

Threat Actors Game GitHub Search to Spread Malware

Attacker Accessed Dozens of Repositories After OAuth Token Theft

North Korean Hackers Expand Targeting of Security Community

Open Source Leaders Warn of XZ Utils-Like Takeover Attempts

Researchers Report Sevenfold Increase in Data Theft Cases

What’s hot on Infosecurity Magazine?

Fifth of CISOs Admit Staff Leaked Data Via GenAI

State-Sponsored Espionage Campaign Exploits Cisco Vulnerabilities

BEC and Fund Transfer Fraud Top Insurance Claims

Online Banking Security Still Not Up to Par, Says Which?

How to Open and View OST Files Without Outlook

How to Backup and Restore Database in SQL Server

Alarming Decline in Cybersecurity Job Postings in the US

North Korean Group Kimsuky Exploits DMARC and Web Beacons

Russian Sandworm Group Hit 20 Ukrainian Energy and Water Sites

Dependency Confusion Vulnerability Found in Apache Project

How to Navigate the Risks of Generative AI

Hope Revived for UN Cybercrime Treaty as Negotiations Set to Resume

Incident Response: Four Key Cybersecurity Measures to Protect Your Business

Disinformation Defense: Protecting Businesses from the New Wave of AI-Powered Cyber Threats

Is MFA Enough? Strategies for Next-Level Identity Security in 2024

Navigating the Evolving Cybersecurity Compliance Landscape in 2024

Securing APIs in the Cloud Frontier

Adapting to Tomorrow's Threat Landscape: AI's Role in Cybersecurity and Security Operations in 2024

Infosecurity Magazine Spring Online Summit 2024: Day One

Infosecurity Magazine Spring Online Summit 2024: Day Two

Russia’s Midnight Blizzard Accesses Microsoft Source Code

I-Soon GitHub Leak: What Cyber Experts Learned About Chinese Cyber Espionage

LockBit Takedown: What You Need to Know about Operation Cronos

Women in Cybersecurity at Infosecurity Europe 2024

GitHub Warns Devs of North Korean Attacks

Written by

You may also like

What’s hot on Infosecurity Magazine?