DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

Published: 0 month ago (April 6, 2026 at 12:24 PM EDT)

1 min read

Source: The Hacker News

Threat actors likely associated with the Democratic People’s Republic of Korea (DPRK) have been observed using GitHub as command‑and‑control (C2) infrastructure in multi‑stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows shortcut (LNK) files acting as the starting point to drop a decoy PDF.

Back to Blog

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

Overview An Iran‑nexus threat actor is suspected to be behind a password‑spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid t...

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid‑2025, following a two‑year period of minimal targe...

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large‑scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database creden...

The State of Trusted Open Source Report

In December 2025, we shared the first‑ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open‑source co...

Related posts

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

The State of Trusted Open Source Report