Black & White Path

Mar 3, 2026 · Information Security

How North Korean APT Used Steganography and Dead‑Drop Resolvers in 26 Malicious npm Packages

In March 2026, researchers uncovered a supply‑chain attack where a North Korean Lazarus‑linked group published 26 typosquatted npm packages that hide C2 commands via Pastebin steganography and deploy a modular RAT through Vercel, prompting detailed mitigation guidance for developers.