Famous Chollima
-
North Korean actors publish 26 malicious npm packages that deploy credential stealer and RAT
North Korean-linked actors published 26 malicious npm packages in March 2026 that use Pastebin text steganography and Vercel hosted C2 to deliver a credential stealer and remote access trojan targeting developer systems.
-
Researchers expose North Korean scheme to rent engineer identities for remote jobs
Security researchers say North Korean recruiters tied to Famous Chollima have been soliciting software engineers to rent their identities, using stolen identities, deepfakes and remote access to secure jobs at Western firms and route activity through compromised machines.
