ReversingLabs described Operation Brainleeches as a malicious npm campaign in which more than a dozen packages supported both Microsoft 365 phishing and software supply-chain compromise. The first tranche hosted files for phishing emails that launched fake Microsoft login pages and harvested user data, while the second tranche could also implant credential-harvesting scripts into applications that incorporated the packages. The packages mimicked legitimate modules such as jquery, were published by new or thin maintainer accounts between May and June 2023, and contained obfuscated files that signaled malicious intent. The report frames the activity as a dual-use abuse of open-source package infrastructure rather than a DPRK-attributed operation in the provided excerpt.