North Korea's Lazarus Group has shifted tactics by developing malware-infested open source software, creating hundreds of deceptive downloads. In the first half of 2025, 234 unique malware packages were identified. This group has transitioned from disruptive actions to infiltrating high-value targets, particularly within the open source ecosystem. In another incident, Hamilton, Canada faced significant financial losses due to a ransomware attack that resulted from incomplete multi-factor authentication implementation, costing the city CAD$18.4 million for recovery efforts after rejecting the ransom demands.
Lazarus Group has increasingly pivoted from disruption to long-term infiltration, using tailored malware, modular payloads, and infrastructure evasion techniques to achieve persistent access to high-value targets - including the open source software ecosystem.
The Canadian city of Hamilton was crippled for weeks by a ransomware attack, with criminals demanding CAD$18.5 million in exchange for decryption keys.
Hamilton's insurance company declined to pay out CAD$5 million in costs, stating the city had broken the contract by not installing multi-factor authentication across its entire network.
The city spent CAD$18.4 million fixing the problem by building a more secure network after refusing to comply with the ransom demand.