Uploading malicious code to npm is just a setup. The real attack most likely happens elsewhere - on LinkedIn, Telegram, or Discord. North Korean attackers would pose as recruiters, or HR managers in large, reputable tech companies, and would reach out to software developers offering work.

China is using “cultural development” to shape “an ideologically and psychologically friendly environment in North Korea.”

Socket has identified a new malware loader called XORIndex incorporated into malicious packages published to the npm registry, with over 9000 downloads so far

A sign of the shifting outlook toward North Korea is the government’s desire to describe North Korea not as the South’s ‘main enemy’ but simply as

North Korea focuses on improving quality of new solid-fuel missiles and hypersonic weapons, Japan defense white paper says

North Korea appears unlikely to deliberately escalate tensions in the coming year as the regime will prioritize domestic development. However, its nuclear policy, burgeoning relations with Russia, and evolving geopolitical factors will increase the risks of North Korea becoming a flash point in the medium to long term.

Special counsel prosecutors investigating former President Yoon Suk-yeol’s alleged abuse of power conducted sweeping raids on July 14, targeting military and security offices tied to covert drone missions into North Korea last year.

South Korea and the US have not held any discussions on the downsizing or withdrawal of American forces in the country, Foreign minister nominee Cho Hyun said Tuesday.