Security News > 2024 > August > North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry
The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns.
The security arm of the cloud monitoring firm is tracking the threat actor under the name Stressed Pungsan, which exhibits overlaps with a newly discovered North Korean malicious activity cluster dubbed Moonstone Sleet.
"The malicious package reuses code from a well-known GitHub repository called node-config with over 6,000 stars and 500 forks, known in npm as config."
"In another incident, Moonstone Sleet delivered a malicious npm loader which led to credential theft from LSASS.".
Subsequent findings from Checkmarx uncovered that Moonstone Sleet has also been attempting to spread their packages through the npm registry.
The rogue DLL, for its part, does not perform any malicious actions, suggesting either a trial run of its payload delivery infrastructure or that it was inadvertently pushed to the registry before embedding malicious code into it.
News URL
https://thehackernews.com/2024/08/north-korean-hackers-moonstone-sleet.html
Related news
- CoinStats says North Korean hackers breached 1,590 crypto wallets (source)
- Japan warns of attacks linked to North Korean Kimsuky hackers (source)
- North Korean Hackers Update BeaverTail Malware to Target MacOS Users (source)
- KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack (source)
- North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks (source)
- U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals (source)
- North Korean hackers exploit VPN update flaw to install malware (source)