In November, the Lazarus group, North Korea’s main cyberespionage and sabotage arm, compromised a Taiwanese multimedia software company called CyberLink and trojanized the installer for one of its commercial applications. In February, Japan’s CERT reported that Lazarus uploaded malicious Python packages to PyPI, the official Python package repository.
One of the risks of campaigns like DEV#POPPER is that some victims who fall for the fake job interview lure are current employees looking for better opportunities. As such, they likely have credentials and information about projects as part of their current jobs, highlighting the importance of treating developer machines as critical assets with strict access control and monitoring.
“Based on the gathered telemetry, no specific trend in victimology was recognized,” the Securonix researchers wrote in their new report. “Nonetheless, evaluation of the collected samples revealed victims are primarily scattered throughout South Korea, North America, Europe, and the Middle East, indicating that the impact of the attack is widespread.”