lazarusholic


New Tactics from a Familiar Threat

2024-07-08, Phylum
https://blog.phylum.io/new-tactics-from-a-familiar-threat/
#NPM

Contents

For over a year, Phylum has been exposing North Korean threat actors attacking software developers in the open-source supply chain. This blog post highlights evolving tactics in a North Korean campaign that began in September 2023, as seen in a package published to npm on 4 July 2024. Like a snake shedding its old skin, this attacker's evasive attempts have introduced some novelties, but many of the same patterns and idioms we have seen throughout this campaign remain. Join us as we dive deep into the details of this new offering from an old threat actor.
A weaponized copy of a legitimate npm package
call-bind versus call-blockflow
call-bind is a legitimate npm package with over 2000 downstream dependents and over 45 million weekly downloads whose maintainer supports over 500 packages on npm.
call-blockflow, on the other hand, was a near duplicate of the call-bind package published on 4 July to npm, only to …

IoC

https://cryptocopedia.com/explorer/search.asp?token=5032