DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
06 April 2026
Threat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea.
The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows shortcut (LNK) files acting as the starting point to drop a decoy PDF