North Korean Hackers Suspected in New Wave of Malicious npm Packages
2023-08-15 07:08

The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules.

Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attack wave uncovered in June, which has since been linked to North Korean threat actors.

As many as nine packages have been identified as uploaded to npm between August 9 and 12, 2023.

The development follows the discovery of a typosquat version of a popular Ethereum package on npm that's engineered to make an HTTP request to a Chinese server has withdrawn its association with the project.

The findings also come as organizations have been found increasingly vulnerable to dependency confusion attacks, potentially leading developers to unwittingly introduce vulnerable or malicious code into their projects, effectively resulting in large-scale supply chain attacks.

As mitigations against dependency confusion attacks, it's recommended to publish internal packages under organization scopes and reserve internal package names in the public registry as placeholders to prevent misuse.
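The scoping recommendation above can be checked mechanically; the following is an added example, not code from the article or from Phylum. The `@acme` scope, the package names, the registry URL and the internal-package inventory are constructed placeholders, and the check that the scope is bound to a registry in `.npmrc` is an assumption that goes beyond what the article states.

```javascript
// Added example: audit a manifest for dependency-confusion exposure.
// All names (@acme, acme-billing, the registry URL) are constructed placeholders.

// Parse "@scope:registry=URL" lines from .npmrc text into a Map.
function scopeRegistries(npmrcText) {
  const map = new Map();
  for (const raw of npmrcText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const m = /^(@[^:\s]+):registry\s*=\s*(\S+)$/.exec(line);
    if (m) map.set(m[1].toLowerCase(), m[2]);
  }
  return map;
}

// Flag internal packages referenced by an unscoped name (resolvable from the
// public registry) and org-scoped packages whose scope has no registry binding.
function auditManifest(pkg, npmrcText, internalNames, orgScope) {
  const pinned = scopeRegistries(npmrcText);
  const internal = new Set(internalNames.map((n) => n.toLowerCase()));
  const findings = [];
  const sections = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];
  for (const section of sections) {
    for (const name of Object.keys(pkg[section] || {})) {
      const lower = name.toLowerCase();
      const scope = lower.startsWith("@") ? lower.split("/")[0] : null;
      if (scope === null && internal.has(lower)) {
        findings.push({ section, name, issue: "unscoped-internal" });
      } else if (scope === orgScope.toLowerCase() && !pinned.has(scope)) {
        findings.push({ section, name, issue: "scope-registry-not-pinned" });
      }
    }
  }
  return findings;
}

// Constructed sample input.
const samplePkg = {
  dependencies: { "acme-billing": "^1.2.0", "@acme/auth": "^3.0.0", express: "^4.18.2" },
  devDependencies: { "acme-test-utils": "^0.4.0" },
};
const sampleNpmrc = "# constructed\n@acme:registry=https://npm.internal.example/\n";
const internalInventory = ["acme-billing", "acme-test-utils"];

console.log(auditManifest(samplePkg, sampleNpmrc, internalInventory, "@acme"));
```

Each `unscoped-internal` finding is a name to republish under the organization scope and to reserve on the public registry as a placeholder.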


News URL

https://thehackernews.com/2023/08/north-korean-hackers-suspected-in-new.html