ON
← Back to feed
N. Korean hackers use fake coding tools to steal company secrets: report
KR🏛️ Politics7 hr. ago

N. Korean hackers use fake coding tools to steal company secrets: report

A U.S.-based software security firm, JFrog Security Research, has reported that North Korea-linked hackers used fake coding tools to infiltrate software developers' computers. These malicious packages, disguised as legitimate JavaScript tools, were uploaded to npm, a popular code library. The packages mimicked well-known software like 'rollup-plugin-polyfill-node,' which has over 295,000 weekly downloads. Once activated, they could steal passwords, cryptocurrency wallet data, and sensitive files. The attack method resembles past campaigns by the Lazarus Group, a group associated with North Korean hackers. Researchers noted the sophistication of the attack, including the replication of legitimate project elements like README documentation and repository metadata.

How each side covered it

The same event, grouped by the political lean of the outlets covering it.

How each side covered it

Support independent, bias-aware news and unlock the social pulse, community voting, and your personalized For You feed.

Become a Supporter

Covered around the world

The same event as reported in other countries.

Covered around the world

Support independent, bias-aware news and unlock the social pulse, community voting, and your personalized For You feed.

Become a Supporter

Claims check

Key factual claims, and how many sources assert vs dispute each.

Claims check

Support independent, bias-aware news and unlock the social pulse, community voting, and your personalized For You feed.

Become a Supporter

1 reports

The Korea Herald logoThe Korea HeraldIndependentCenterFactual 85Objective 757 hr. ago
N. Korean hackers use fake coding tools to steal company secrets: report

A U.S.-based software security firm, JFrog Security Research, has reported that North Korea-linked hackers used fake coding tools to infiltrate software developers' computers. These malicious packages, disguised as legitimate JavaScript tools, were uploaded to npm, a popular code library. The packages mimicked well-known software like 'rollup-plugin-polyfill-node,' which has over 295,000 weekly downloads. Once activated, they could steal passwords, cryptocurrency wallet data, and sensitive files. The attack method resembles past campaigns by the Lazarus Group, a group associated with North Korean hackers. Researchers noted the sophistication of the attack, including the replication of legitimate project elements like README documentation and repository metadata.

Bias read (Center): The article presents a factual report on a cyberattack attributed to North Korea-linked hackers without overtly endorsing or criticizing any political stance. It focuses on the technical aspects of the breach and the attribution to a specific hacking group, maintaining a neutral tone throughout.

Why these scores (Factual 85 · Objective 75): Factuality is high as the article accurately reports on JFrog's findings about North Korea-linked hackers using fake coding tools. The information aligns with cross-source consensus on this cybersecurity threat. Objectivity is slightly lower due to the article's emphasis on the potential impact of t

Keep the news honest.

ObjectiveNews is reader-funded and ad-free — we show you the bias instead of hiding it. Support independent journalism for €5/month.

Become a Supporter

Related stories