North Korean threat actors
Coverage of North Korean threat actors in the Nexus archive.
- Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images
North Korean threat actors linked to the Contagious Interview campaign are using steganography in SVG image files to hide malicious payloads. These payloads, part of a fake job posting and coding challenge campaign, deliver a four-stage OTTERCOOKIE-aligned malware that steals browser credentials, crypto wallets, and files.
- North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
North Korean threat actors have published 108 malicious packages and web browser extensions across npm, Packagist, Go, and Google Chrome as part of the PolinRider campaign. The campaign remains active, with new malicious packages likely to continue appearing.
- Humanity Protocol’s $36M hack tied to suspected North Korean hackers: Quantstamp
A $36 million hack on Humanity Protocol is linked to North Korean threat actors, according to Quantstamp. The attack involved a fake Bithumb email, suggesting state-sponsored cyber activity.
- 76% of All Crypto Stolen in 2026 Is Now in North Korea
76% of all cryptocurrency stolen in 2026 is now in North Korea. North Korean threat actors are conducting frequent heists, potentially aided by AI technology.
- Axios NPM Package Compromised in Precision Attack
The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors. This incident highlights vulnerabilities in package management systems and potential state-sponsored cyber attacks.