Security News > 2023 > August > North Korean Hackers Suspected in New Wave of Malicious npm Packages
The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules.
Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attack wave uncovered in June, which has since been linked to North Korean threat actors.
As many as nine packages have been identified as uploaded to npm between August 9 and 12, 2023.
The development follows the discovery of a typosquat version of a popular Ethereum package on npm that's engineered to make an HTTP request to a Chinese server has withdrawn its association with the project.
The findings also come as organizations have been found increasingly vulnerable to dependency confusion attacks, potentially leading developers to unwittingly introduce vulnerable or malicious code into their projects, effectively resulting in large-scale supply chain attacks.
As mitigations against dependency confusion attacks, it's recommended to publish internal packages under organization scopes and reserve internal package names in the public registry as placeholders to prevent misuse.
News URL
https://thehackernews.com/2023/08/north-korean-hackers-suspected-in-new.html
Related news
- Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)