
Security alert: social engineering campaign targets technology industry employees

Blog post from GitHub

Post Details

Company: GitHub
Author: Alexis Wales
Word Count: 679
Language: English
Hacker News Points: -
Summary

GitHub has identified a social engineering campaign targeting the personal accounts of employees in technology firms, particularly those in blockchain, cryptocurrency, and online gambling sectors, with some links to cybersecurity. The campaign, attributed to a North Korean group known as Jade Sleet or TraderTraitor, involves creating fake or compromised personas on platforms like LinkedIn, Slack, and Telegram to invite targets to collaborate on GitHub repositories containing malicious npm package dependencies. These packages act as first-stage malware, leading to further malicious activity on victims' devices. GitHub has responded by suspending related npm and GitHub accounts, filing abuse reports with domain hosts, and advising potential targets to scrutinize dependencies, review their security logs, and take precautionary measures like resetting devices and changing passwords if they have been targeted.