North Korean hackers use ‘poisoned’ Python packages to deliver new backdoors



News North Korean hackers use ‘poisoned’ Python packages to deliver new backdoors Security researchers uncover evolving malware used by DPRK cybercrime groups to infiltrate firms in critical industries Shreyas Reddy September 20, 2024 SHARE COPY LINK FACEBOOK X LINKEDIN MASTODON Illustration of a malicious Python emerging from a computer screen North Korean cybercriminals have been using “poisoned” packages written in the Python programming language to infiltrate victims’ systems and deploy malware, according to a U.S. cybersecurity firm. Palo Alto Networks’ Unit 42 threat research center reported this week that it observed North Korean threat group Citrine Sleet, which the firm tracks under the name Gleaming Pisces, uploading the malicious remote access trojans (RATs) to PyPi, a popular open-source Python repository. Run by the Python Software Foundation (PSF), PyPI allows anyone to upload open-source packages meeting basic requirements and guidelines, however, this potentially opens the door Read More © Korea Risk Group. All rights reserved. No part of this content may be reproduced, distributed, or used for commercial purposes without prior written permission from Korea Risk Group. LATEST ANALYSIS 01North Korea reveals new vertical take-off drones amid ‘modern warfare’ push 02How long-range strikes on Russia could impact North Korean troop deployments 03How North Korean hackers and IT workers collude to cause chaos 04What pro-Trump think tanks reveal about his likely North Korea policy priorities 05Yoon bet on US to deter North Korea. Now he faces an alliance skeptic in Trump. 06All the question marks hanging over Trump’s approach to North Korea in term two 07Time almost up for North Korea’s plan to launch 3 military satellites in 2024 08Trump return rekindles prospects of North Korea talks, but Russia stands in way 09How China could benefit from North Korea’s troop deployment to Ukraine 10New North Korean ICBM delivers big political message, and likely bigger payloads

News

North Korean hackers use ‘poisoned’ Python packages to deliver new backdoors

Security researchers uncover evolving malware used by DPRK cybercrime groups to infiltrate firms in critical industries

Shreyas Reddy September 20, 2024

North Korean hackers use ‘poisoned’ Python packages to deliver new backdoors

Illustration of a malicious Python emerging from a computer screen

North Korean cybercriminals have been using “poisoned” packages written in the Python programming language to infiltrate victims’ systems and deploy malware, according to a U.S. cybersecurity firm.

Palo Alto Networks’ Unit 42 threat research center reported this week that it observed North Korean threat group Citrine Sleet, which the firm tracks under the name Gleaming Pisces, uploading the malicious remote access trojans (RATs) to PyPi, a popular open-source Python repository.

Run by the Python Software Foundation (PSF), PyPI allows anyone to upload open-source packages meeting basic requirements and guidelines, however, this potentially opens the door

01North Korea reveals new vertical take-off drones amid ‘modern warfare’ push
02How long-range strikes on Russia could impact North Korean troop deployments
03How North Korean hackers and IT workers collude to cause chaos
04What pro-Trump think tanks reveal about his likely North Korea policy priorities
05Yoon bet on US to deter North Korea. Now he faces an alliance skeptic in Trump.
06All the question marks hanging over Trump’s approach to North Korea in term two
07Time almost up for North Korea’s plan to launch 3 military satellites in 2024
08Trump return rekindles prospects of North Korea talks, but Russia stands in way
09How China could benefit from North Korea’s troop deployment to Ukraine
10New North Korean ICBM delivers big political message, and likely bigger payloads

North Korean hackers use ‘poisoned’ Python packages to deliver new backdoors

LATEST ANALYSIS

Similar Articles

About the Author

Shreyas Reddy