Lazarus Strikes Again: North Korean Hackers Unleash 234 Malicious Packages on Unsuspecting Developers
North Korean threat actors have unleashed over 200 malicious open source packages, Sonatype reports, attributing the campaign to the Lazarus Group. This stealthy operation targets open source ecosystems to infiltrate developer environments, potentially compromising 36,000 victims. The goal is long-term access to financial data and espionage, not just cryptocurrency mining.

Hot Take:
**_North Korean threat actors have taken the “open” in open source a bit too literally, treating it like a buffet of espionage opportunities. With the Lazarus Group hacking their way through npm and PyPI packages like it’s Black Friday for cybercriminals, developers might want to start questioning their “install first, ask questions never” approach._**
Key Points:
– Sonatype blocked 234 malicious npm and PyPI packages in the first half of 2025.
– The campaign is attributed to the notorious Lazarus Group, marking a strategic shift.
– Malicious packages impersonate legitimate libraries, executing multi-stage attacks.
– 120 packages were droppers for additional malware; 90 focused on secrets exfiltration.
– The campaign targeted developers in DevOps-heavy organisations, where a compromised developer system poses severe downstream risk.