security

  • Reverse-Engineering a North-Korean-Style Supply Chain Attack Delivered via Fake Web3 Job Interview

    Full forensic analysis of a targeted supply chain attack delivered through a fake Web3 job interview. A single npm install silently deployed a two-stage RAT: an initial loader that decrypts a second-stage C2 endpoint, exfiltrates the full process environment, and maintains a persistent TCP beacon on port 1224 awaiting operator commands. I got targeted, responded in 45 minutes, then reproduced the entire attack chain in an isolated Hetzner VM and captured the complete C2 protocol.

    4/15/2026 · 30 min