In its latest operation, Lazarus took advantage of major gaps in the open-source software supply chain, like developers depending on unvetted packages and the lack of oversight for popular tools that are often maintained by just one or two people.
First seen on therecord.media
Jump to article: therecord.media/north-korean-hackers-targeting-open-source-repositories
