• DogMuffins
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Whenever I hear about hackers in North Korea I always wonder how they could support a sophisticated info sec agency with advanced capabilities. I guess I just assumed there isn’t really a thriving tech community in NK from which to recruit.

    I honestly don’t know, maybe this attack is as simple as tricking a maintainer into merging a sketchy commit, and not that sophisticated?

    Or do they “purchase capability” from supporters like China or Russia?

    • expertmadman@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      They’re often supported by external resources, like China. There isn’t really a community inside of North Korea to draw from like you’d expect in some more established countries.

      In this case the attackers are targeting technologists and convincing them to collaborate on a git repository somewhere. That git repo includes dependencies that are hosted on npm, and require a specific order of installation to trigger the malicious behavior.

      When the unwitting dev installs thaw deps for the git reo, they receive the malicious payload as well.

    • dubbel
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This attack does seem to be on the simpler side technically.

      NK recruits their hackers straight from the elite-ish high schools, trains them in computer science, and send them abroad with the objective to earn money through any technical means. How exactly they do it is pretty much up to them.

      I can highly recommend the podcast “The Lazarus Heist” if you want to know more about NKs state hacking ventures: http://www.bbc.co.uk/programmes/w13xtvg9

      RSS address: https://podcasts.files.bbci.co.uk/w13xtvg9.rss