Overview
Explore the evolving landscape of nation-state threats in the open-source software supply chain through this informative conference talk. Delve into the activities of North Korea's Lazarus Group, a prominent cyber threat actor operating under the Korean People's Army since 2009. Learn about their recent campaigns targeting software developers through malicious packages in the npm ecosystem. Discover how these attacks, first identified by the Phylum Research Team in June 2023 and later confirmed by GitHub, Microsoft Threat Intelligence, and CISA, have evolved over time. Gain insights into the group's tactics, including their use of remote payloads and social engineering techniques to steal cryptocurrency from job-seeking developers. Understand the significance of these threats and their potential impact on the open-source community, as well as the importance of vigilance in maintaining software supply chain security.
Syllabus
Nation-State Threats in the Open-Source Software Supply Chain - Ross Bryant, Phylum
Taught by
OpenSSF