Lazarus Group Expands Malicious Campaign on npm; BadBazaar Targets Tibetans and Uyghurs

The Lazarus Group has expanded its malicious campaign on npm with 11 new packages containing malware loaders and Bitbucket payloads. BadBazaar, a surveillance software for iOS and Android developed by the Chinese APT15 group, has been used to target Tibetans and Uyghurs. GOFFEE continues to attack organizations in Russia.