New Lazarus social engineering campaign targets developers

Malicious NPM package dependencies and repository invitations have been leveraged by North Korean state-backed hacking operation Lazarus Group, also known as TraderTraitor and Jade Sleet, in limited social engineering attacks against cybersecurity, cryptocurrency, blockchain, and online gambling developers in GitHub, reports BleepingComputer.

attacks bleepingcomputer blockchain campaign cryptocurrency cybersecurity dependencies developers engineering gambling github hacking lazarus lazarus group malicious malicious npm north north korean npm npm package package reports repository social social engineering social engineering attacks state threat management tradertraitor vulnerability management