Forget the usual malware droppers. DPRK hackers are phishing South Korean orgs with LNK files that masquerade as PDFs, then pivot to GitHub for C2. It's a slick architectural shift that's hard to block.
Imagine clicking a phishing link that seems legit, only for it to phone home to GitHub—your friendly code-sharing site—now a North Korean spy hub. South Korean firms are in the crosshairs, but this tactic's reach could go global fast.
North Korean hackers didn't smash windows at Drift—they wined, dined, and Telegram-chatted devs for six months before pocketing $285 million. This wasn't brute force; it was a masterclass in patience and deception.
Your next npm install could drop a North Korean RAT on your machine. That's the brutal reality for devs worldwide after the Axios supply chain attack—and it's already hit finance, tech, and healthcare.