GitHub Warns Devs of North Korean Attacks

GitHub has warned of a new North Korean threat campaign designed to compromise victims via malicious npm package dependencies.
The development platform claimed in a blog post earlier this week that the attacks targeted employees in the blockchain, cryptocurrency, online gambling and cybersecurity sectors.
Attacks start with the threat actors impersonating a developer or recruiter with a fake GitHub, LinkedIn, Slack or Telegram profile, according to Alexis Wales, VP of GitHub security operations. In some cases, the attacker may hijack legitimate accounts.
They then initiate contact with the target and attempt to move the conversation to another platform.
“After establishing contact with a target, the threat actor invites the target to collaborate on a GitHub repository and convinces the target to clone and execute its contents,” Wales explained.
“The GitHub repository may be public or private. The GitHub repository contains software that includes malicious npm dependencies. Some software themes used by the threat actor include media players and cryptocurrency trading tools.”
These malicious dependencies act as first-stage malware designed to download a second-stage threat to the victim’s machine, although the nature of that second-stage payload is unclear.
“The threat actor often publishes their malicious packages only when they extend a fraudulent repository invitation, minimizing the exposure of the new malicious package to scrutiny,” said Wales.
“In some cases, the actor may deliver the malicious software directly on a messaging or file sharing platform, bypassing the repository invitation/clone step.”
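Because the packages are published only around the time of the invitation, the age of a dependency on the npm registry is a useful signal to check before running a cloned repository. The following is an added example, not code from GitHub or from the article: it flags lockfile entries whose package was first published within a chosen window, and as a generalization also flags recently released versions of older packages. The function names, the 30-day threshold and all sample package names and dates are assumptions constructed for illustration.

```javascript
// Added example; package names and dates below are constructed.
const DAY_MS = 24 * 60 * 60 * 1000;

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b";
// the package name is whatever follows the last "node_modules/".
function packageNameFromLockKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? null : key.slice(idx + marker.length);
}

// lock: parsed package-lock.json. registryTimes: package name -> the "time"
// object of its registry metadata ({ created, "<version>": ISO date, ... }).
function findYoungDependencies(lock, registryTimes, now, maxAgeDays = 30) {
  const ageDays = (iso) => Math.floor((now - Date.parse(iso)) / DAY_MS);
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromLockKey(key);
    if (!name || entry.link) continue; // skip the root project and workspace links
    const times = registryTimes[name];
    const base = { name, version: entry.version };
    if (!times || !times.created) {
      findings.push({ ...base, reason: "no-registry-metadata" });
    } else if (ageDays(times.created) < maxAgeDays) {
      findings.push({ ...base, reason: "new-package", ageDays: ageDays(times.created) });
    } else if (times[entry.version] && ageDays(times[entry.version]) < maxAgeDays) {
      findings.push({ ...base, reason: "new-version", ageDays: ageDays(times[entry.version]) });
    }
  }
  return findings;
}

// Constructed sample input (hypothetical names, not indicators from the campaign).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "media-player-demo", version: "1.0.0" },
  "node_modules/well-known-lib": { version: "4.2.0" },
  "node_modules/@demo/stream-helper": { version: "0.0.1" },
  "node_modules/well-known-lib/node_modules/old-util": { version: "2.1.3" },
} };
const sampleTimes = {
  "well-known-lib": { created: "2015-03-01T00:00:00Z", "4.2.0": "2022-11-10T00:00:00Z" },
  "@demo/stream-helper": { created: "2023-07-12T09:00:00Z", "0.0.1": "2023-07-12T09:00:00Z" },
  "old-util": { created: "2016-01-01T00:00:00Z", "2.1.3": "2023-07-10T00:00:00Z" },
};
const sampleNow = Date.parse("2023-07-14T00:00:00Z");
console.log(findYoungDependencies(sampleLock, sampleTimes, sampleNow));
```

The `time` object for a package can be obtained with `npm view <name> time --json`; the check is meant to run against the lockfile before `npm install` is executed in an unfamiliar repository.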
GitHub claimed with “high confidence” that the attackers belong to the North Korean group known as “Jade Sleet” by Microsoft Threat Intelligence and “TraderTraitor” by the US Cybersecurity and Infrastructure Security Agency (CISA).
In related news, an attack on SSO vendor JumpCloud at the end of June has also been attributed to North Korea, according to SentinelOne.