Malware And CampaignsCampaign

North Korean espionage campaigns abuse GitHub and fake documents

April 3, 2026Hackread.com, Nicolas Krassas, 780th Military Intelligence Brigade (Cyber)

Hackread.com and others report DPRK-linked activity using GitHub infrastructure and lure files like fake PDFs and LNKs to spy on South Korean firms, showing GitHub as recurring C2 or staging in nation-state tradecraft.

Open in PulseSee the full expert discussion →

QUOTES

Researchers spot North Korean hackers using GitHub and fake PDFs to spy on South Korean firms in a high-severity cyber campaign.

North Korean Hackers Abuse GitHub to Spy on South Korean Firms

How DPRK actors use LNK files and GitHub C2 to evade detection and maintain persistence

VOICES

Hackread.com

Nicolas Krassas

780th Military Intelligence Brigade (Cyber)

RELATED TERMS

malwaregithubc2githubmalware

OTHER FINDINGS IN MALWARE AND CAMPAIGNS

Axios npm package compromise, WAVESHAPER.V2 cross platform RAT Handala Hack Telegram threat claiming imminent Lockheed Martin data leak Telnyx PyPI compromise (TeamPCP) shipping malware in telnyx 4.87.1/4.87.2

AMYGDALA PULSE

See what experts are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security