
North Korean Hackers Use GitHub for Cyber Espionage Against South Korean Firms
Researchers from FortiGuard Labs identified a high-severity cyber espionage campaign attributed to North Korean hackers targeting South Korean companies. The attackers abused GitHub to host malicious payloads and leveraged PowerShell scripts to execute reconnaissance and data exfiltration on Windows systems. The campaign specifically focused on gathering intelligence from South Korean firms, though no exact dates or CVE IDs were disclosed. Technical details include the use of GitHub repositories to distribute malware and PowerShell-based tools for persistence and lateral movement. The impact involved unauthorized access to sensitive corporate data and potential long-term surveillance of compromised networks.