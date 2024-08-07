Application security, Supply chain, Threat Intelligence

Malicious npm packages leveraged by North Korean hackers for Windows compromise


North Korean threat operation Stressed Pungsan, which is associated with state-backed hacking collective Moonstone Sleet, has sought to compromise Windows systems with a pair of malicious npm packages "harthat-api" and "harthat-hash," reports The Hacker News.

Neither package was meant to be a typosquatted version of the Ethereum development utility Hardhat, as evidenced by their use of code taken from the node-config GitHub repository, an analysis from Datadog Security Labs showed. The findings follow separate reports from Microsoft and Checkmarx detailing Moonstone Sleet's use of malicious npm packages to facilitate infections; Checkmarx's study noted that the packages led to the execution of a rogue DLL that did not produce any compromise, suggesting the packages were deployed to the registry prematurely. Meanwhile, South Korea's National Cyber Security Center has warned organizations about intrusions by the North Korean advanced persistent threat operations Andariel and Kimsuky, which exploited vulnerabilities in security software and VPNs to distribute the Dora RAT and TrollAgent payloads.

