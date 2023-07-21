GitHub observed a North Korean threat actor targeting technology firm employees in a new low-volume social engineering campaign. The hackers invite certain employees to collaborate on GitHub repositories containing malicious NPM packages.

The packages can fetch software and infect the victim’s computers with additional malware. The suspected threat actor, Jade Sleet, usually targets accounts connected to the cryptocurrency, gambling, or blockchain industries. Jade Sleet operators impersonate developers or recruiters and even create or hijack accounts on professional and social media sites to boost their legitimacy. The hackers use these accounts to extend the GitHub repository invitations. The code hosting platform noted that no GitHub or NPM systems have been compromised by this campaign thus far.

