North Korean Hackers Target Open Source Developers in Supply Chain Attacks 

North Korean Hackers Target Open Source Developers in Supply Chain Attacks 

Keypoints

  • PolinRider targets open source software developers through a broad supply chain campaign.
  • Compromised GitHub repositories deliver the DEV#POPPER RAT and OmniStealer payloads.
  • The campaign affects NPM, Packagist, Go modules, and Chrome extensions.
  • Attackers rewrite Git history to hide malicious changes and make them appear older.
  • Socket found 162 malicious artifacts across 108 packages, including the Xpos587 and sevenspan compromises.

Read More: https://www.securityweek.com/north-korean-hackers-target-open-source-developers-in-supply-chain-attacks/