The North Korean threat group has kept up its job-recruitment ploys to steal developers’ corporate codebases and secrets

Cybersecurity analysts believe this approach is part of the threat group’s August 2023 “VMConnect campaign” on open-source repositories. According to Patrick Tiquet, VP of Security & Compliance at Keeper Security, state-sponsored threat actors are “blending human manipulation with technical exploitation, highlighting the necessity for everyone to stay vigilant.” This means:

  • For developers, this serves as a wake-up call that even something as routine as a coding test can be used as a tool for attack. Additionally, the fact that malicious software is being delivered through repositories like PyPI shows how easily attackers can exploit familiar channels.
  • Software supply chain security needs to be bolstered: not just for production code, but also for pre-production development code. “Malicious packages can be inserted into the development process long before the code reaches production, putting entire projects at risk,” Tiquet noted.