Malware And CampaignsCampaign

DPRK linked campaigns using LNK files and private GitHub repositories as C2

April 4, 2026Cyber_OSINT

Cyber_OSINT cites FortiGuard reporting that DPRK-linked actors use LNK files and GitHub-based command and control from private repositories to evade detection, exfiltrate system data, and persist via scheduled tasks.

Open in PulseSee the full expert discussion →

QUOTES

FortiGuard notes DPRK-linked campaigns using LNK files and GitHub C2 to evade detection, exfiltrating system data and maintaining persistence via scheduled tasks and C2 from private GitHub repositories.

VOICES

Cyber_OSINT

RELATED TERMS

githubmalicious softwarethreat actorgithubthreat actor

OTHER FINDINGS IN MALWARE AND CAMPAIGNS

Axios npm package compromise, WAVESHAPER.V2 cross platform RAT Handala Hack Telegram threat claiming imminent Lockheed Martin data leak Telnyx PyPI compromise (TeamPCP) shipping malware in telnyx 4.87.1/4.87.2

AMYGDALA PULSE

See what experts are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security