top of page
ALL POSTS
New Wave of DPRK Attacks Leveraging AI-Generated npm Malware, Shell Companies, and Remote Access Trojans
Key Findings North Korean threat actor Famous Chollima deployed malicious npm packages designed to steal cryptocurrency wallet credentials and source code from developers Campaign codenamed PromptMink features AI-generated malware split across multiple package layers to evade detection Malware evolved from simple JavaScript stealers to sophisticated multi-platform RATs compiled in Rust, capable of establishing SSH backdoors Attack chain leverages legitimate-looking packages a
Apr 303 min read
Drift's $285 Million Durable Nonce Hack: DPRK-Linked Social Engineering Attack Raises Questions About Protocol Security
Key Findings Drift Protocol, a Solana-based decentralized exchange, lost approximately $285 million on April 1, 2026 in a sophisticated social engineering attack Attackers exploited durable nonce mechanisms to obtain unauthorized multisig approvals and gain control of the Security Council administrative powers The attack involved multi-week preparation starting as early as March 23, 2026, with staged execution and pre-signed transactions Threat actors created a fictitious ass
Apr 33 min read
DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies
Key Findings North Korean IT operatives are applying to remote positions using real LinkedIn accounts of individuals they are impersonating The goal is to secure jobs at Western companies and conduct espionage, data theft, and ransomware attacks The threat is tracked by the cybersecurity community as Jasper Sleet, PurpleDelta, and Wagemole The impersonated LinkedIn profiles often have verified workplace emails and identity badges to appear legitimate Once employed, the DPRK w
Feb 112 min read
bottom of page
