Lazarus Group Uses npm Brandjacking Campaign to Target Developers
North Korean Lazarus Group targets npm developers with brandjacking packages that mimic trusted tools, drop malware and put credentials at risk.
Lazarus Group
North Korean state-sponsored group linked to the Reconnaissance General Bureau. Responsible for major financial heists including cryptocurrency theft and the Sony Pictures hack.
Also known as: lazarus group, lazarus, hidden cobra, zinc, diamond sleet, guardian of peace, whois team, applejeus
AI Intelligence Brief cached
Edit Profile
Entity Relationships
Related YARA Rules View all on YARA Rules page →
90-Day Activity
Last 90 Days (7)
Last 90 Days
All Time
North Korea's Lazarus Group uses new RemotePE malware against financial targets
RemotePE is deployed through a multi-stage attack chain involving two loaders, DPAPILoader and RemotePELoader.
Lazarus APT unveils fileless remote access Trojan designed to evade detection
North Korea-linked Lazarus APT Group is using a stealthy memory-only RAT that leaves almost no forensic traces behind.
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in att...
North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures
Arctic Wolf attributed this large-scale spear-phishing campaign to BlueNoroff, a financially motivated subgroup of the Lazarus Group
Lazarus Doesn't Need AGI
Explore the 2026 Claude Mythos breach, supply chain risks, and the $2B+ crypto theft pipeline.
North Korea Blamed for $290m KelpDAO Crypto Heist
North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO