this post was submitted on 22 Jul 2023
8 points (100.0% liked)
netsec - Network Security
392 readers
1 users here now
This is the netsec Community, a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise - to provide value to security practitioners, students, researchers, and hackers everywhere.
Content Guidelines:
- Content should focus on the "How".
- Always try to link to the original source.
- Titles should provide context.
- Ask Questions with a "[Question]" prefix in the Title.
- Hiring Posts must go in the [Hiring] (stickied) Threads.
- Commercial advertisement is discouraged.
Discussion Guidelines:
- Don't create unnecessary conflict.
- No trolling allowed, limit the use of jokes and memes.
- Don't complain about content being a PDF.
- Be nice to each other, everybody started somewhere.
Prohibited Content:
- No populist news articles (CNN, BBC, FOX, etc)
- No curated lists.
- No social media posts (Facebook, Twitter, etc).
- No image-only/video-only posts.
- No livestreams.
- No Tech Support requests.
- No paywalled/regwalled content (use archive.is if possible?)
- No commercial advertisement.
- No crowdfunding posts.
- No personally identifiable information.
- No doxxing, and no harrassment of any kind.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
They’re often supported by external resources, like China. There isn’t really a community inside of North Korea to draw from like you’d expect in some more established countries.
In this case the attackers are targeting technologists and convincing them to collaborate on a git repository somewhere. That git repo includes dependencies that are hosted on npm, and require a specific order of installation to trigger the malicious behavior.
When the unwitting dev installs thaw deps for the git reo, they receive the malicious payload as well.