north-korea
Safeguard articles tagged "north-korea" — guides, analysis, and best practices for software supply chain and application security.
7 articles
ESET's May 2026 APT Report: Oil Shipments, Drone Makers, and a Poisoned npm Library
ESET's APT Activity Report (May 28, 2026) maps China-, North Korea-, Russia-, and Iran-aligned operations from October 2025 to March 2026 — including BlueNoroff's compromise of the axios npm package, a textbook supply-chain espionage event.
Nation-State Actors Operationalize AI: Inside GTIG's May 2026 Threat Tracker
Google's Threat Intelligence Group documented China, North Korea, Russia, and Iran moving AI from experiment to operations in May 2026 — AI-assisted vulnerability research, LLM-enabled malware, and obfuscated model-access infrastructure.
North Korean Threat Actors Flood npm with Malicious Packages
In 2024, DPRK-linked groups dramatically escalated their campaign to compromise developers through malicious npm packages, using fake job offers and typosquatting to deploy infostealers and backdoors.
Labyrinth Chollima and Open Source Targeting
Labyrinth Chollima's operations show a specific pattern — poisoned open source packages as initial access. A profile of the tradecraft and the defensive response.
JumpCloud Supply Chain Attack: North Korea's Lazarus Group Strikes Again
How North Korean threat actors compromised JumpCloud's infrastructure to target cryptocurrency firms through a sophisticated supply chain attack in July 2023.
3CX Desktop App: Anatomy of a Cascading Breach
How a Trading Technologies installer from 2022 poisoned the 3CX build pipeline in 2023, producing the first publicly confirmed cascading supply chain attack.
Ronin Network Hack: $625 Million Stolen from Axie Infinity's Blockchain Bridge
North Korean hackers stole $625 million from the Ronin Network bridge powering Axie Infinity, exploiting compromised validator keys in what became the largest DeFi hack in history at the time.