BeaverTail

Report: North Korean-linked PurpleBravo targeted 3,136 IPs and 20 companies

Cybercrime, News, Research

January 22, 2026

Recorded Future’s technical analysis found PurpleBravo targeted 3,136 IPs and claimed 20 potential victim companies across multiple regions from August 2024 to September 2025, using infostealers and backdoors to create supply-chain risk.
North Korean linked actors use malicious VS Code projects to deploy backdoor

Cybercrime, News, Research

January 21, 2026

Jamf reported North Korean linked actors abused Visual Studio Code task files to execute obfuscated JavaScript that fetches backdoors and enables remote code execution targeting developers who clone and open repositories.
North Korean actors push 197 malicious packages to npm to deploy OtterCookie variant

Cybercrime, Research, Risk, Vulnerabilities

November 29, 2025

Researchers say North Korean actors uploaded 197 malicious npm packages, downloaded over 31,000 times, to deploy an OtterCookie variant that evades sandboxes, establishes C2 access and steals credentials and crypto data; delivery used a Vercel URL and a now-unavailable GitHub account, and the campaign has also employed fake job-assessment lures to distribute Go-based backdoors.
ScarCruft Uses RokRAT in HanKook Phantom Campaign Targeting South Korea

Cybercrime, News, Privacy, Risk

September 1, 2025

Researchers have uncovered a targeted phishing campaign by North Korea-linked ScarCruft (APT37), dubbed Operation HanKook Phantom, delivering RokRAT to South Korean academics, former officials, and researchers via a manipulated LNK attack chain and PowerShell-based payloads, with exfiltration to multiple cloud services and a willingness to use decoy documents tied to high-profile statements.

BeaverTail

Report: North Korean-linked PurpleBravo targeted 3,136 IPs and 20 companies

North Korean linked actors use malicious VS Code projects to deploy backdoor

North Korean actors push 197 malicious packages to npm to deploy OtterCookie variant

ScarCruft Uses RokRAT in HanKook Phantom Campaign Targeting South Korea