Signal

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-04-06 12:02 UTCUpdated 2026-04-06 16:24 UTC

rss

linked_hackers_use

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

The Hacker News · News · thehackernews.com · 2026-04-06 16:24 UTC

North Korean hackers abuse LNKs and GitHub repos in ongoing campaign

CSO Online · News · csoonline.com · 2026-04-06 12:02 UTC

limited source diversity in top sources

View all evidence

Overview

DPRK-linked threat actors are preferring stealth over sophistication in targeting South Korean organizations, as researchers report the use of weaponized Windows shortcut ( .LNK ) files and GitHub-based command-and-control (C2) channels in a new campaign.

Score total

1.02

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

All evidence

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

The Hacker News · thehackernews.com · 2026-04-06 16:24 UTC

North Korean hackers abuse LNKs and GitHub repos in ongoing campaign

CSO Online · csoonline.com · 2026-04-06 12:02 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

The Hacker News (1)
CSO Online (1)

Top origin domains (this list)

thehackernews.com (1)
csoonline.com (1)