The attacks, which involved fake job offers as a social engineering lure, were likely aimed at stealing proprietary information about drone manufacturing, ESET said in a report.

A North Korean man was the focus of Tuesday’s announcement, which also included a Russian man, his companies and North Korean firms.

Socket researchers said the malware-ridden packages were collectively downloaded over 330 times. GitHub removed all of the malicious packages Wednesday.

The Department of Justice also indicted two men tied to the exchange.

The amount stolen last week surpasses what the group was able to steal in all of 2024.

The mixer was sanctioned after a North Korea hacking group used the software to launder more than $455 million.

Researchers can’t tell if the malware was used in a campaign, or North Korean operatives were caught before they could deploy it in the wild.

Two years after it was disclosed, the Log4j vulnerability continues to enable North Korean hacking operations.

Targets of the operation were given phony coding challenges that delivered a range of malware including a previously-unseen backdoor.

"We have a security team, we do our own pentesting, we've got software scanners, we got a CSO ... Nonetheless, they outsmarted us."