this post was submitted on 22 Jul 2023
8 points (100.0% liked)

netsec - Network Security

392 readers
1 users here now

This is the netsec Community, a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise - to provide value to security practitioners, students, researchers, and hackers everywhere.

Content Guidelines:

Discussion Guidelines:

Prohibited Content:

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago (2 children)

Whenever I hear about hackers in North Korea I always wonder how they could support a sophisticated info sec agency with advanced capabilities. I guess I just assumed there isn't really a thriving tech community in NK from which to recruit.

I honestly don't know, maybe this attack is as simple as tricking a maintainer into merging a sketchy commit, and not that sophisticated?

Or do they "purchase capability" from supporters like China or Russia?

[–] expertmadman 2 points 1 year ago

They’re often supported by external resources, like China. There isn’t really a community inside of North Korea to draw from like you’d expect in some more established countries.

In this case the attackers are targeting technologists and convincing them to collaborate on a git repository somewhere. That git repo includes dependencies that are hosted on npm, and require a specific order of installation to trigger the malicious behavior.

When the unwitting dev installs thaw deps for the git reo, they receive the malicious payload as well.

load more comments (1 replies)