lazarusholic

Everyday is lazarus.dayβ

#NPM

Vulnerability/Target

Reports

2025-06-25
Socket
Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages
#BeaverTail #ContagiousInterview #HexEval #NPM
2025-06-18
Ketman
DPRK IT Worker-Related Account Takeover
#ITWorker #NPM
2025-06-12
Aikido
Malicious crypto-theft package targets Web3 developers in North Korean operation
#NPM
2025-04-29
Censys
Inside North Korea’s Cyber Ops with Silas Cutler
#BeaverTail #NPM #Youtube
2025-04-09
Veracode
Resurgent North Korean Malware Campaign in npm
#Lazarus #NPM
2025-04-04
Socket
Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads
#BeaverTail #ContagiousInterview #Lazarus #NPM
2025-03-17
Logpresso
북한 라자루스(Lazarus) 그룹이 배포한 악성 npm 패키지 감염 사례
#Lazarus #NPM
2025-03-10
Socket
Lazarus Strikes npm Again with New Wave of Malicious Package
#Lazarus #NPM
2025-02-13
SecurityScorecard
Lazarus Group Targets Developers Through NPM Packages and Supply Chain Attacks
#Lazarus #MarstechMayhem #NPM
2025-01-29
Socket
North Korean APT Lazarus Targets Developers with Malicious npm Package
#Lazarus #NPM
2024-10-17
eSentire
Bored BeaverTail Yacht Club – A Lazarus Lure
#BeaverTail #InvisibleFerret #NPM
2024-08-29
Phylum
North Korea Still Attacking Developers via npm
#ContagiousInterview #MoonstoneSleet #NPM
2024-08-26
PolySwarm
DevPopper Campaign Targets Software Developers
#NPM #DevPopper
2024-08-24
Hackhunting
Software Supply Chain Threat Landscape July 2024: PyPI, NPM, GitHub and macOS
#NPM #PyPI
2024-08-07
Checkmarx
A Year-Long Campaign of North Korean Actors Targeting Developers via Malicious npm Packages
#NPM
2024-08-01
Datadog
Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access
#NPM #StressedPungsan
2024-07-31
Securonix
Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering
#DevPopper #NPM
2024-07-24
Stacklok
North Korean State Actors Exploit Open Source Supply Chain via Malicious npm Package
#NPM
2024-07-08
Phylum
New Tactics from a Familiar Threat
#NPM
2024-06-13
Checkmarx
A New North Korean Group Emerges, Disrupting the Open Source Ecosystem
#JadeSleet #NPM #MoonstoneSleet
2024-05-28
Microsoft
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
#NPM #ITWorker #MoonstoneSleet #FakePenny #Storm-1789 #PuTTY #Storm-1877 #DeTankWar #DeFiTankLand
2024-05-09
Kaspersky
APT trends report Q1 2024
#Trend #NPM #Andariel #ThreatNeedle #Kimsuky #AppleSeed #Durian
2024-04-25
Securonix
Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors
#NPM #DevPopper
2024-04-24
Phylum
Nation-State Threat Actors Renew Publications to npm
#NPM #macOS
2024-04-03
Norfolk
North Korea’s Post-Infection Python Payloads
#LabyrinthChollima #NPM
2024-02-20
Phylum
Fake Developer Jobs Laced With Malware
#NPM
2024-01-05
Phylum
Update to November’s Crypto-Themed npm Attack
#SupplyChain #NPM
2023-12-12
Checkmarx
How North Korea is Compromising Supply Chains
#SupplyChain #NPM
2023-12-08
Qianxin
疑似Lazarus(APT-Q-1)涉及npm包供应链的攻击样本分析
#NPM #APT-Q-1
2023-11-21
PaloaltoNetworks
Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors
#InvisibleFerret #ContagiousInterview #Wagemole #BeaverTail #NPM
2023-11-04
Phylum
Crypto-Themed npm Packages Found Delivering Stealthy Malware
#SupplyChain #NPM
2023-08-02
Checkmarx
Lazarus Group Launches First Open Source Supply Chain Attacks Targeting Crypto Sector
#NPM #JadeSleet
2023-07-27
ReversingLabs
More malicious npm packages found in wake of JumpCloud supply chain hack
#JumpCloud #NPM
2023-07-22
Phylum
June’s Sophisticated npm Attack Attributed to North Korea
#NPM
2023-07-20
SentinelOne
JumpCloud Intrusion | Attacker Infrastructure Links Compromise to North Korean APT Activity
#JumpCloud #NPM
2023-07-18
Tay
Security alert: social engineering campaign targets technology industry employees
#JadeSleet #NPM
2023-07-06
ReversingLabs
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
#Brainleeches #NPM
2023-06-23
Phylum
Phylum Discovers Sophisticated Ongoing Attack on NPM
#NPM