North Korean Hackers Hijack Open-Source Project in Prolonged Attack

North Korean hackers compromised a widely used open-source project by hijacking a top developer’s computer and distributing malicious updates as part of a prolonged campaign. The attack was likely planned over weeks, involving social engineering tactics to gain access. No specific project name, technical indicators, or exact timeline (beyond "weeks") were disclosed in the report. The incident highlights the targeting of open-source maintainers to propagate supply chain attacks. No CVE IDs or quantifiable impacts (e.g., affected users, systems) were provided.