• expertmadmanOP
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    They’re often supported by external resources, like China. There isn’t really a community inside of North Korea to draw from like you’d expect in some more established countries.

    In this case the attackers are targeting technologists and convincing them to collaborate on a git repository somewhere. That git repo includes dependencies that are hosted on npm, and require a specific order of installation to trigger the malicious behavior.

    When the unwitting dev installs thaw deps for the git reo, they receive the malicious payload as well.