north_korean_npm_attackers
The North Korean npm attackers are a threat actor group attributed to North Korea, known for leveraging GitHub infrastructure to conduct attacks against npm repositories. Their campaigns, referred to as 'Contagious Interview,' involve targeting the npm supply chain, compromising repositories, and potentially distributing malicious packages to downstream users. The group demonstrates advanced supply chain attack capabilities and has targeted a wide range of npm repositories, with incidents exposing over 25,000 repositories. Their tactics include abusing trusted developer infrastructure (such as GitHub and npm) to maximize reach and impact. No specific sub-groups or aliases are mentioned in the provided content.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
North Korean threat actors are leveraging GitHub infrastructure to conduct npm-based supply chain attacks, known as 'Contagious Interview', targeting software supply chains.
North Korean threat actors are leveraging GitHub infrastructure to conduct npm-based supply chain attacks, known as 'Contagious Interview'.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.