
GitHub Warns That Lazarus Hacker Group Is Targeting Developers' User Accounts

A North Korea-based threat actor is targeting personal accounts of technology firms through low-profile social engineering attempts.

This campaign uses a combination of repository invitations and a malicious npm package to target victims' accounts associated with the blockchain, cryptocurrency, or online gambling sectors.

According to the latest article by GitHub, the actor behind this campaign is linked to a group likely known as Jade Sleet by Microsoft Threat Intelligence and as TraderTraitor by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

GitHub confirmed that no GitHub accounts or npm systems accounts were compromised in this campaign. 

Lazarus Group Attack Process

Initially, the threat actor impersonates a developer or recruiter by creating professional profiles on GitHub and other social media websites.

They use both personal accounts and accounts compromised by Jade Sleet to contact the victims.

The actor may initiate contact on one platform and then switch the conversation to another platform.

Once connected with a target, the threat actor invites the target to collaborate on a GitHub repository and manipulates the target into cloning and executing its contents.

In some cases, the actor may send the malicious software straight through a messaging or file-sharing service, skipping the step of inviting people to the repository and cloning it.

The software in the GitHub repository has malicious npm dependencies. Software used by the threat actor includes media players and tools for selling cryptocurrencies.

These malicious npm packages download second-stage malware on the victim’s computer. 

The threat actor usually doesn’t post their malicious packages until they send a fake repository invitation. 

GitHub has suspended the npm and GitHub accounts associated with the campaign and shared IOC details on its blog.

The best practice to avoid this campaign is to be cautious of social media solicitations to collaborate on or install npm packages or software that depends on them.
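One way to act on that caution before running `npm install` in a repository you were invited to, shown as an added example that is not from GitHub's advisory: review the repository's `package-lock.json` and flag dependencies first published close to the invitation date, since the article notes the packages are usually posted only around the time of the invitation. The function name, the 30-day window, the package names and the dates are assumptions made for illustration; publication dates are assumed to be collected beforehand (for example with `npm view <name> time`), and the install-script and registry checks are general npm hygiene, not behaviour the article attributes to this campaign.

```javascript
// Added example: pre-install review of a cloned repository's package-lock.json.
const DAY_MS = 24 * 60 * 60 * 1000;
const REGISTRY = "https://registry.npmjs.org/";

// lock: parsed package-lock.json (lockfileVersion 2 or 3).
// firstPublished: package name -> ISO date of first publication (collected beforehand).
// invitedAt: ISO date the repository invitation arrived; windowDays is an assumed threshold.
function reviewLockfile(lock, firstPublished, invitedAt, windowDays = 30) {
  const findings = [];
  const invited = Date.parse(invitedAt);
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // skip the root project and workspace links
    const name = entry.name || path.split("node_modules/").pop();
    const reasons = [];
    const created = firstPublished[name];
    if (created === undefined) {
      reasons.push("no publication date available");
    } else if (invited - Date.parse(created) < windowDays * DAY_MS) {
      // Also true for packages published after the invitation was sent.
      reasons.push(`first published ${created}, within ${windowDays} days of the invitation`);
    }
    if (entry.hasInstallScript) reasons.push("runs a script during npm install");
    if (entry.resolved && !entry.resolved.startsWith(REGISTRY)) {
      reasons.push(`fetched from outside the public registry: ${entry.resolved}`);
    }
    if (reasons.length) findings.push({ name, version: entry.version, reasons });
  }
  return findings;
}

// Constructed sample data (hypothetical package names and dates).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-player", version: "1.0.0" },
    "node_modules/old-helper-example": {
      version: "4.2.1", resolved: REGISTRY + "old-helper-example/-/old-helper-example-4.2.1.tgz" },
    "node_modules/new-codec-example": {
      version: "0.0.1", resolved: REGISTRY + "new-codec-example/-/new-codec-example-0.0.1.tgz",
      hasInstallScript: true },
  },
};
const samplePublished = {
  "old-helper-example": "2019-03-02T00:00:00Z",
  "new-codec-example": "2023-07-10T00:00:00Z",
};
const sampleFindings = reviewLockfile(sampleLock, samplePublished, "2023-07-12T00:00:00Z");
console.log(JSON.stringify(sampleFindings, null, 2));
```

A finding is a prompt for manual review, not a verdict; a clean result does not show that a repository is safe to execute.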

Source: https://cybersecuritynews.com/lazarus-hacker-group-targeting-developers/
