Find notable cyber news and cases, enriched with sources, timelines, and signals.

Lazarus Group graphalgo recruitment-themed package campaign

Campaign
First reported
Last updated
Happening score
H score 38
2 unique sources, 2 articles

Summary

Hide ▲

The North Korea-linked Lazarus Group is running graphalgo, an active fake recruitment-themed package campaign that is targeting developers through npm and PyPI. The operation matters because the malicious dependencies are used to install a remote access trojan and probe for MetaMask on infected systems. One package, bigmathutils, drew more than 10,000 downloads before the malicious version was released, broadening exposure.

Related Happenings

North Korean Contagious Interview PolinRider supply-chain campaign

Campaign
H score51 First: 04.07.2026 14:17 Last: 04.07.2026 14:17 Sources 1

About this happening: The **Contagious Interview / PolinRider** campaign is still active, with **108 unique packages and browser extensions** published across **npm, Packagist, Go, and Google Chrome**....

PolinRider GitHub supply-chain campaign delivering BeaverTail and InvisibleFerret

Campaign
H score9 First: 23.06.2026 11:54 Last: 23.06.2026 11:54 Sources 1

About this happening: A **North Korean** supply-chain campaign dubbed **PolinRider** is injecting obfuscated JavaScript into compromised **GitHub repositories**, exposing developers to staged malware d...

Easy-day-js Mastra package-publishing campaign

Campaign
H score30 First: 17.06.2026 10:38 Last: 17.06.2026 10:38 Sources 1

About this happening: The **easy-day-js** campaign mass-published more than **140 malicious npm packages** across the **@mastra/*** namespace, creating broad supply-chain exposure for developers and bu...

North Korea-aligned developer-targeting operations shift from fake interviews to recruitment phishing at scale

Threat Actor Meta
H score31 First: 15.06.2026 22:32 Last: 15.06.2026 22:32 Sources 1

About this happening: North Korea-aligned developer-targeting operations are shifting from **fake interviews** to **recruitment-themed phishing** at scale, increasing the risk of industrialized **crede...

Contagious Interview UNK_DeadDrop GitHub phishing campaign

Campaign
H score37 First: 15.06.2026 22:32 Last: 15.06.2026 22:32 Sources 1

About this happening: The **Contagious Interview** cluster is running the **UNK_DeadDrop** phishing campaign to lure developers with **recruitment** and **code review** themes, reaching **nearly 100 or...

Timeline

  1. 12.02.2026 18:55 2 articles · 4mo ago

    North Korea-linked graphalgo recruitment campaign disclosed

    Initial Disclosure

    Researchers disclosed a North Korea-linked Lazarus Group campaign targeting developers through fake blockchain and cryptocurrency job lures, where the graphalgo package cluster on npm and PyPI delivers a remote access trojan, was assessed active since May 2025, and checks infected systems for the MetaMask browser extension.

    Show sources