Security News > 2023 > August > North Korean Hackers Suspected in New Wave of Malicious npm Packages
The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules.
Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attack wave uncovered in June, which has since been linked to North Korean threat actors.
As many as nine packages have been identified as uploaded to npm between August 9 and 12, 2023.
The development follows the discovery of a typosquat version of a popular Ethereum package on npm that's engineered to make an HTTP request to a Chinese server has withdrawn its association with the project.
The findings also come as organizations have been found increasingly vulnerable to dependency confusion attacks, potentially leading developers to unwittingly introduce vulnerable or malicious code into their projects, effectively resulting in large-scale supply chain attacks.
As mitigations against dependency confusion attacks, it's recommended to publish internal packages under organization scopes and reserve internal package names in the public registry as placeholders to prevent misuse.
News URL
https://thehackernews.com/2023/08/north-korean-hackers-suspected-in-new.html
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- North Korean hackers create Flutter apps to bypass macOS security (source)
- North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Radiant links $50 million crypto heist to North Korean hackers (source)