Forensic Summary
North Korean threat group Famous Chollima (Shifty Corsair) has weaponised AI-assisted code generation to embed malicious npm packages into autonomous AI agent projects, targeting cryptocurrency wallets. The campaign, dubbed PromptMink, exploited Anthropic's Claude Opus to co-author a malicious dependency commit, demonstrating a novel abuse of LLM coding agents for supply chain infiltration. The attack uses a multi-layer dependency structure to evade detection, with second-layer malicious packages swiftly rotated when identified.
Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/dprk-actors-use-claude-llm-to-inject-malware-into-npm-supply-chain/
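A defender-side check for the layered dependency structure described above, as an added example that is not from the original post or the Grid the Grey write-up: it walks two npm lockfile snapshots and lists packages at layer 2 or deeper that newly appeared. The lockfiles and every package name (`agent-toolkit`, `fmt-helper-a`, `fmt-helper-b`) are constructed for illustration and are not indicators from the campaign.

```javascript
// Constructed package-lock.json (lockfileVersion 3) snapshots; every package name is made up.
const lockBefore = { packages: {
  "": { dependencies: { "agent-toolkit": "^1.2.0" } },
  "node_modules/agent-toolkit": { version: "1.2.0", dependencies: { "fmt-helper-a": "^0.1.0" } },
  "node_modules/fmt-helper-a": { version: "0.1.0" },
} };
const lockAfter = { packages: {
  "": { dependencies: { "agent-toolkit": "^1.2.0" } },
  "node_modules/agent-toolkit": { version: "1.2.1", dependencies: { "fmt-helper-b": "^0.1.0" } },
  "node_modules/fmt-helper-b": { version: "0.1.0" },
} };

// Resolve `name` as required from the package at `fromPath`, walking up node_modules like Node does.
function resolve(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    // Strip the innermost "/node_modules/<pkg>" segment; a top-level path falls back to the root "".
    base = base.slice(0, Math.max(0, base.lastIndexOf("/node_modules/")));
  }
}

// Breadth-first walk from the root project: layer 1 = direct dependency, layer 2 = its dependencies, ...
function layers(lock) {
  const seen = new Map();
  let frontier = [["", "<root>"]];
  for (let layer = 1; frontier.length > 0; layer++) {
    const next = [];
    for (const [path, parent] of frontier) {
      const { dependencies, optionalDependencies, devDependencies } = lock.packages[path];
      for (const name of Object.keys({ ...dependencies, ...optionalDependencies, ...devDependencies })) {
        const target = resolve(lock.packages, path, name);
        if (target === null || seen.has(target)) continue;
        seen.set(target, { name, layer, via: parent });
        next.push([target, name]);
      }
    }
    frontier = next;
  }
  return [...seen.values()];
}

// Packages at layer >= 2 present in `after` but not in `before`; a package.json review never lists these.
function newDeepPackages(before, after) {
  const known = new Set(layers(before).map((p) => p.name));
  return layers(after).filter((p) => p.layer >= 2 && !known.has(p.name))
    .map((p) => `${p.name} (layer ${p.layer}, via ${p.via})`);
}
console.log(newDeepPackages(lockBefore, lockAfter));
```

In the constructed snapshots the root's declared range never changes, yet a patch release of the direct dependency swaps in a different layer-2 package, which is why the comparison is made on the lockfile rather than on `package.json`.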