Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets

In the first half of 2025, Sonatype uncovered a large-scale, ongoing assault on the open-source software ecosystem, orchestrated by the North Korean threat actor known as Lazarus. Sonatype’s automated malware detection systems were the...