North Korean hackers spread over 1,700 malicious packages across major code registries

April 13, 20262 min read1 sources
Share:
North Korean hackers spread over 1,700 malicious packages across major code registries

A persistent software supply chain campaign attributed to North Korean threat actors has significantly expanded, publishing over 1,700 malicious packages across multiple open-source code registries. The operation, dubbed “Contagious Interview,” now targets developers in the Go, Rust, and PHP ecosystems in addition to its previous focus on npm for JavaScript and PyPI for Python.

According to security researchers, the malicious packages impersonate legitimate developer tooling and popular libraries. Once a developer installs one of these packages, it functions as a malware loader. This initial component establishes a connection to an attacker-controlled server to download and execute a secondary, more damaging payload. This method gives the attackers an initial foothold on a developer’s machine.

The primary impact is the compromise of development environments, which can lead to the theft of credentials, source code, and other intellectual property. An infected developer machine can also serve as a gateway for attackers to pivot into a company's internal network, escalating the potential damage far beyond a single computer.

The expansion into Go, Rust, and PHP indicates a concerted effort to compromise a broader segment of the software development community. By targeting the foundational building blocks used in modern applications, the attackers aim to infect organizations from within their development pipelines. This campaign extends the established playbook of state-sponsored actors who view developers as high-value targets for espionage and financial gain. Organizations are advised to implement strict dependency management practices and utilize security scanning tools to vet third-party code.

Share:

// SOURCES

// RELATED

Meta settles bellwether lawsuit alleging addictive design harmed student mental health

Meta's confidential settlement with a Washington school district marks a pivotal moment in the massive litigation against social media's psychological

6 min readMay 24

Huawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network

A sophisticated zero-day attack on Huawei routers allegedly caused Luxembourg's 2023 national telecom outage, raising severe global security concerns.

6 min readMay 23

MiniPlasma Windows 0-day enables SYSTEM privilege escalation on fully patched systems

A newly disclosed 0-day flaw, MiniPlasma, allows attackers to gain full SYSTEM control on patched Windows systems, with a public PoC accelerating risk

6 min readMay 18

The ransomware dilemma: why more than half of security chiefs would pay the price

A new survey reveals 56% of CISOs would consider paying a ransom, highlighting the intense pressure to restore operations despite official guidance.

6 min readMay 16