North Korean Hackers Unleash Devastating Attack: Hundreds Infected Through npm Packages

North Korean Lazarus hackers have launched a massive cyber attack, infecting hundreds of users through compromised npm packages, according to recent reports from BleepingComputer.

The notorious Lazarus Group, known for its sophisticated cyber espionage campaigns, has once again demonstrated its ability to infiltrate and compromise software supply chains.

npm, or Node Package Manager, is a popular package manager for the JavaScript programming language, used by millions of developers worldwide. By compromising npm packages, the Lazarus Group has effectively created a backdoor for malicious code to be executed on infected systems.

The attack is believed to have started with the distribution of tainted npm packages, which were designed to appear legitimate but contained malicious code. Once installed, these packages would establish communication with the attackers' command and control servers, allowing them to exfiltrate sensitive data and potentially take control of infected systems.

The scope of the attack is still being assessed, but it is estimated that hundreds of users have been infected, including developers and organizations that rely on npm packages for their software development needs.

The Lazarus Group is known for its association with the North Korean government and has been linked to several high-profile cyber attacks in the past, including the infamous WannaCry ransomware outbreak in 2017.

Experts warn that this attack highlights the growing threat of software supply chain attacks and the importance of vigilance and security measures in the software development lifecycle.

Developers and organizations are advised to take immediate action to assess their npm package dependencies and ensure that they are not using compromised packages. This includes verifying the authenticity of packages, monitoring for suspicious activity, and implementing robust security controls to prevent similar attacks in the future.
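One way to start the dependency assessment described above is to review the project's lockfile. The following is an added example, not code from the article or from the reports it cites. It assumes npm's `package-lock.json` format (lockfileVersion 2 or 3) and the public registry URL; the package names, URLs and hashes in the sample are constructed, and the reported-package list is a placeholder to be filled from a published advisory.

```javascript
// Added example: review a parsed package-lock.json (lockfileVersion 2 or 3).
// REPORTED_BAD holds a constructed placeholder name; fill it from an advisory.
const REPORTED_BAD = new Set(["example-reported-package"]);
const REGISTRY = "https://registry.npmjs.org/"; // assumption: public registry in use

function auditLockfile(lock, reportedBad = REPORTED_BAD) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf("node_modules/");
    if (i === -1 || meta.link) continue; // root project, workspace dir or symlink
    const name = path.slice(i + "node_modules/".length); // keeps "@scope/name"
    const reasons = [];
    if (reportedBad.has(name)) reasons.push("reported-compromised");
    if (!meta.integrity) reasons.push("no-integrity-hash");
    if (!String(meta.resolved || "").startsWith(REGISTRY)) reasons.push("non-registry-source");
    // Assumption: install-time scripts deserve a manual look; the article
    // does not say how the malicious code was triggered.
    if (meta.hasInstallScript) reasons.push("runs-install-script");
    if (reasons.length) findings.push({ name, version: meta.version, reasons });
  }
  return findings;
}

// Constructed sample lockfile (all names, URLs and hashes are made up).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/plain-demo": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/plain-demo/-/plain-demo-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/example-reported-package": {
      version: "2.0.1",
      resolved: "https://registry.npmjs.org/example-reported-package/-/example-reported-package-2.0.1.tgz",
      integrity: "sha512-CONSTRUCTED",
      hasInstallScript: true,
    },
    "node_modules/git-dep-demo": {
      version: "0.1.0",
      resolved: "git+ssh://git@example.invalid/demo/git-dep-demo.git#0000000",
    },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

For a real project, pass the result of `JSON.parse` on the contents of `package-lock.json`. Findings are leads for manual review, not proof of compromise.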
