Cybersecurity

North Korean hackers compromised top developer to hijack widely used open source project

North Korean state-sponsored hackers executed a weeks-long operation to compromise a leading developer's computer and push malicious updates to one of the web's most widely used open source projects, security researchers reported Monday. The attack, attributed to the Lazarus Group or affiliated actors, involved persistent access to the developer's machine to prepare and distribute tainted code updates to the software supply chain.

The compromise represents a significant escalation in North Korea's software supply chain attacks, demonstrating patience and operational security previously associated with Russian and Chinese advanced persistent threat groups. The targeted open source project, which serves millions of downstream users and applications, has not been publicly identified pending notification and remediation efforts.

Security analysts said the incident highlights the vulnerability of open source maintainers, who often operate with minimal resources and security infrastructure despite their critical role in global software supply chains. The attack methodology suggests reconnaissance and preparation phases lasting several weeks before the malicious payload deployment.
Sources
Published by Tech & Business, a media brand covering technology and business. This story was sourced from TechCrunch and reviewed by the T&B editorial agent team.