"I've traced a confirmed #DPRK IT worker who served as the primary developer of Verida Network's credential verification system" published by meowmfer. #ITWorker, #DPRK, #CTI https://archive.md/FSB2A

"I mapped a cell of 14+ accounts that infiltrated Tokamak Network" published by meowmfer. #ITWorker, #DPRK, #CTI https://archive.md/2rul3

""Taro" is part of a cell I've been calling "215"" published by meowmfer. #ITWorker, #DPRK, #CTI https://archive.md/G9jAA

"Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise" published by Microsoft. #SapphireSleet, #DPRK, #CTI https://www.microsoft.com/en-us/security/blog/2026/04/16/dissecting-sapphire-sleets-macos-intrusion-from-lure-to-compromise/

"Lots of people asking if I make every Asian male I interview insult Kim Jong Un" published by tanuki42. #ITWorker, #DPRK, #CTI https://archive.md/c1Cwk

"Security Incident: Post Mortem" published by Zerion. #Zerion, #DPRK, #CTI https://archive.md/6u2oL

""Hello? I can’t hear you": Investigating UNC1069’s Fake Meeting Tactics" published by Validin. #CabbageRAT, #ClickFix, #UNC1069, #DPRK, #CTI https://www.validin.com/blog/i_cant_hear_you_unc1069/

"North Korea's Safari: Hunting for RATs" published by Bitso. #ClickFix, #FamousChollima, #DPRK, #CTI https://quetzal.bitso.com/p/north-koreas-safari-hunting-for-rats

"APT37’s Pretexting-Based Targeted Intrusion: Analysis of Facebook Reconnaissance and Software Tampering Attacks" published by Genians. #APT37, #RokRat, #DPRK, #CTI https://www.genians.co.kr/en/blog/threat_intelligence/pretexting

"APT37의 프리텍스팅 기반 표적 침투: 페이스북 정찰과 소프트웨어 변조 공격 분석" published by Genians. #APT37, #RokRat, #DPRK, #CTI https://www.genians.co.kr/blog/threat_intelligence/pretexting

"We Dumped a Live Kimsuky C2 and Recovered Every Stage of the Kill Chain: CHM Dropper, VBScript Stager, PowerShell Keylogger" published by Breakglass. #CHM, #Kimsuky, #DPRK, #CTI https://intel.breakglass.tech/post/kimsuky-chm-nidlog-c2-dump-full-payload-recovery

"PolinRider: DPRK Threat Actor Implants Malware in Hundreds of GitHub Repos" published by OSM. #PolinRider, #DPRK, #CTI https://github.com/OpenSourceMalware/PolinRider

"Polymarket Trader Funds at Risk: DPRK npm Package Steals Wallet Keys and Installs SSH Backdoor" published by Panther. #FamousChollima, #NPM, #DPRK, #CTI https://panther.com/blog/polymarket-trader-funds-at-risk-dprk-npm-package-steals-wallet-keys

"Our response to the Axios developer tool compromise" published by OpenAI. #Axios, #DPRK, #CTI https://openai.com/index/axios-developer-tool-compromise/

"Drift Protocol" published by Rekt. #DriftProtocol, #DPRK, #CTI https://rekt.news/ko/drift-protocol-rekt

"Kimsuky APT 组织钓鱼样本分析" published by SadSec. #AppleSeed, #Kimsuky, #DPRK, #CTI https://sadsec.com/redteaming/ir-dprk-apt-phishing/

"Tracking an OtterCookie Infostealer Campaign Across npm" published by Panther. #ContagiousTrader, #NPM, #OtterCookie, #DPRK, #CTI https://panther.com/blog/tracking-an-ottercookie-infostealer-campaign-across-npm

"Graphalgo fake recruiter-test campaign respawned" published by ReversingLabs. #Graphalgo, #DPRK, #CTI https://www.reversinglabs.com/blog/graphalgo-campaign-respawned

"Drift Protocol Hack: How Privileged Access Led to a $285M Loss" published by Chainalysis. #DriftProtocol, #DPRK, #CTI https://www.chainalysis.com/blog/lessons-from-the-drift-hack/

"The axios attack is an extension of the GhostCall campaign by BlueNoroff" published by Kaspersky. #Axios, #BlueNoroff, #NPM, #GhostCall, #SysPhon, #DPRK, #CTI https://archive.md/mRArP

"Recently an unnamed source shared data exfiltrated from an internal North Korean payment server" published by ZachXBT. #ITWorker, #DPRK, #CTI https://archive.md/MdXfV

"Spoofed IT Tools Distribute EtherRAT in Highly Stealthy Campaign Suspected Linked to DPRK APT" published by PhatomCandle. #EtherRAT, #DPRK, #CTI https://medium.com/@phatomcandle/spoofed-it-tools-distribute-etherrat-in-highly-stealthy-campaign-suspected-linked-to-dprk-apt-1aa6beab7dcb

"The Axios Breach: When npm Trust Becomes an APT Attack Vector" published by PolySwarm. #Axios, #NPM, #UNC1069, #DPRK, #CTI https://blog.polyswarm.io/the-axios-breach-when-npm-trust-becomes-an-apt-attack-vector

"Cyber Saga: In the Footsteps of the DPRK IT Workers" published by Group-IB. #ITWorker, #JasperSleet, #DPRK, #CTI https://www.group-ib.com/blog/dprk-fake-remote-developers

"Advisory on DPRK (UNC1069) Fake Microsoft Teams and Zoom calls" published by SecurityAlliance. #UNC1069, #DPRK, #CTI https://radar.securityalliance.org/advisory-on-dprk-unc1069-fake-microsoft-teams-and-zoom-calls/

"North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads" published by Socket. #ContagiousInterview, #DPRK, #CTI https://socket.dev/blog/contagious-interview-campaign-spreads-across-5-ecosystems

"npm Malware, Fake Devs, and Deepfake Videos: These Are A Few of My Favorite DPRK Things" published by NKInternet. #ITWorker, #NPM, #DPRK, #CTI https://nkinternet.com/2026/04/07/npm-malware-fake-devs-and-deepfake-videos-these-are-a-few-of-my-favorite-dprk-things/

"Mapping Ottercookie Infrastructure" published by Walmart. #OtterCookie, #DPRK, #CTI https://medium.com/walmartglobaltech/mapping-ottercookie-infrastructure-1c49f0cd3883

"Blurred Lines of Cyber Threat Attribution: The Evolving Tactics of North Korean Cyber Threat Actors" published by Zscaler. #Kimsuky, #Lazarus, #Slides, #DPRK, #CTI https://www.dailysecu.com/form/html/k-cti/pdf/2026/down-B-1.pdf

"Supply Chain Malware Alert: plain-crypto-js Compromises Axios Packages" published by Resecurity. #Axios, #NPM, #DPRK, #CTI https://www.resecurity.com/blog/article/supply-chain-malware-alert-plain-crypto-js-compromises-axios-packages

"OtterCookie Expands Targeting to AI Coding Tools" published by CyberAndRamen. #NPM, #OtterCookie, #DPRK, #CTI https://cyberandramen.net/2026/04/04/ottercookie-expands-targeting-to-ai-coding-tools-analysis-of-a-trojanized-npm-campaign/

"From Axios NPM Supply Chain Attack to Tracking DPRK’s BlueNoroff" published by DCSO. #Axios, #BlueNoroff, #NPM, #DPRK, #CTI https://medium.com/@DCSO_CyTec/from-axios-npm-supply-chain-attack-to-tracking-dprks-bluenoroff-c9080c9b4ce3

"Axios NPM supply chain incident" published by CiscoTalos. #Axios, #NPM, #DPRK, #CTI https://blog.talosintelligence.com/axois-npm-supply-chain-incident/

"Axios供应链攻击事件再追踪：线索直指Lazarus组织" published by Qihoo360. #Axios, #NPM, #DPRK, #CTI https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247508249&idx=1&sn=d50892ac7b48a52ff293889bb77c800f

"북한 연계 그룹의 AXIOS 공급망 공격" published by SecuI. #Axios, #NPM, #DPRK, #CTI https://stic.secui.com/main/main/threatInfo?id=371&lang=ko

"Code Names, Fake Personas, and Iranian Recruits: New Details from Inside the NKITW Operation" published by Flare. #ITWorker, #DPRK, #CTI https://flare.io/learn/resources/blog/iranian-recruits-inside-the-nkitw-operation

"How we caught the Axios supply chain attack" published by Elastic. #Axios, #NPM, #DPRK, #CTI https://www.elastic.co/security-labs/how-we-caught-the-axios-supply-chain-attack

"Axios npm Backdoored: UNC1069 Deploys Cross-Platform RAT via Supply Chain Attack" published by CybersecSentinel. #Axios, #NPM, #UNC1069, #DPRK, #CTI https://cybersecsentinel.com/axios-npm-backdoored-unc1069-deploys-cross-platform-rat-via-supply-chain-attack/

"Axios npm Supply Chain Attack: Cross-Platform RAT Delivery via Compromised Maintainer Credentials" published by PicusSecurity. #Axios, #NPM, #DPRK, #CTI https://www.picussecurity.com/resource/blog/axios-npm-supply-chain-attack-cross-platform-rat-delivery-via-compromised-maintainer-credentials

"Axios NPM Distribution Compromised in Supply Chain Attack" published by Wiz. #Axios, #NPM, #DPRK, #CTI https://www.wiz.io/blog/axios-npm-compromised-in-supply-chain-attack

"Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads" published by TrendMicro. #Axios, #NPM, #DPRK, #CTI https://www.trendmicro.com/en_us/research/26/c/axios-npm-package-compromised.html

"Axios npm package compromised to deploy malware" published by Sophos. #Axios, #NPM, #DPRK, #CTI https://www.sophos.com/en-us/blog/axios-npm-package-compromised-to-deploy-malware

"Attackers Compromised Axios, NPM Package With Over 100M Weekly Downloads, Rotate Your Keys Now" published by OxSecurity. #Axios, #NPM, #DPRK, #CTI https://www.ox.security/blog/axios-compromised-with-a-malicious-dependency/

"axios compromised on npm: maintainer account hijacked, RAT deployed" published by Aikido. #Axios, #NPM, #DPRK, #CTI https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat

"TasksJacker: Latest DPRK Attack Skips the Fake Interview and Goes Straight to Compromising GitHub Users" published by OSM. #TasksJacker, #VSCode, #DPRK, #CTI https://opensourcemalware.com/blog/tasksjacker-blog-post

"Incident Background Update" published by DriftProtocol. #DriftProtocol, #UNC4736, #DPRK, #CTI https://archive.md/Bdoq7

"Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign" published by Socket. #Axios, #NPM, #DPRK, #CTI https://socket.dev/blog/attackers-hunting-high-impact-nodejs-maintainers

"DPRK Malware Modularity: Diversity and Functional Specialization" published by Domaintools. #Andariel, #Kimsuky, #Lazarus, #Trend, #DPRK, #CTI https://dti.domaintools.com/research/dprk-malware-modularity-diversity-and-functional-specialization

"Axios npm attack: rapid hunting with KQL and response guide" published by NVISO. #Axios, #NPM, #DPRK, #CTI https://blog.nviso.eu/2026/04/03/the-axios-npm-supply-chain-incident-fake-dependency-real-backdoor/

"North Korean Hackers Attack Drift Protocol In USD 285 Million Heist" published by Trmlabs. #DriftProtocol, #DPRK, #CTI https://www.trmlabs.com/resources/blog/north-korean-hackers-attack-drift-protocol-in-285-million-heist