Nation-State Threats in the Open-Source Software Supply Chain

Explore the evolving tactics of nation-state actors targeting open-source software developers in this conference talk from BSides SATX. Delve into two recent npm campaigns attributed to North Korea's Lazarus Group, gaining insights into their motivations and methods. Learn how software developers can better defend against these sophisticated threats in the open-source ecosystem. Discover the details of malicious packages published on npm, their impact on job-seeking developers, and the cryptocurrency theft motives behind these campaigns. Gain valuable awareness of the current landscape of nation-state cyber threats in the software supply chain, with a focus on recent activities observed from June 2023 to February 2024. No prior knowledge of malware or malicious code is required for this 25-minute presentation suitable for all audiences.

2024-06-08, 12:00–, Track 3 Moody Rm 102