Infection Cases Involving Malicious npm Packages Distributed by North Korea's Lazarus Group
2025-03-17 • Logpresso
Lazarus is reported to have distributed six malicious npm packages through typosquatting and package impersonation, exposing developers to credential theft, sensitive data collection, backdoor installation, and malicious code execution during software builds. The campaign is a supply-chain threat because compromised developer environments can propagate risk into applications and downstream users who trust packages pulled from the npm ecosystem.
Related Reports
#NPM #Lazarus #T1027.013 #T1082 #T1119 #T1005 #T1041 #T1608.001 #T1195.002 #T1083 #T1059.007 #T1204.002 #T1555.003 #T1105 #T1657 #T1555.001 #T1546.016 #T1217
2025-04-04 • Socket • Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads