North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025.

The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts with the goal of luring embassy staff and foreign ministry personnel with convincing meeting invites, official letters, and event invitations.

“The attackers leveraged GitHub, typically known as a legitimate developer platform, as a covert command-and-control channel,” Trellix researchers Pham Duy Phuc and Alex Lanstein said.

Read More:

https://thehackernews.com/2025/08/north-korea-uses-github-in-diplomat.html

Skip to content