{"id":3109612,"date":"2026-04-06T09:43:25","date_gmt":"2026-04-06T16:43:25","guid":{"rendered":"https:\/\/techcrunch.com\/?p=3109612"},"modified":"2026-04-06T14:38:54","modified_gmt":"2026-04-06T21:38:54","slug":"north-koreas-hijack-of-one-of-the-webs-most-used-open-source-projects-was-likely-weeks-in-the-making","status":"publish","type":"post","link":"https:\/\/techcrunch.com\/2026\/04\/06\/north-koreas-hijack-of-one-of-the-webs-most-used-open-source-projects-was-likely-weeks-in-the-making\/","title":{"rendered":"North Korea&#8217;s hijack of one of the web&#8217;s most used open source projects was likely weeks in the making"},"content":{"rendered":"\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">A North Korean cyberattack that last Monday <a href=\"https:\/\/techcrunch.com\/2026\/03\/31\/hacker-hijacks-axios-open-source-project-used-by-millions-to-push-malware\/\" target=\"_blank\" rel=\"noreferrer noopener\">briefly hijacked<\/a> one of the most widely used open source projects on the web took weeks to carry out as part of a long-running campaign to target the code&#8217;s top developers.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The hijacking of the Axios project on March 31 was in part successful because it relied on well-resourced hackers building rapport and trust with their intended target over a long period of time to increase their odds of a successful eventual compromise. 
This kind of hack highlights the security challenges that developers of popular open source projects can face, at a time when government hackers and cybercriminals alike are targeting widely used projects for their ability to access, in some cases, millions of devices worldwide.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Jason Saayman, who maintains the popular Axios project that developers use to connect their apps to the internet, provided <a href=\"https:\/\/github.com\/axios\/axios\/issues\/10636\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">a postmortem<\/a> with a timeline of the hack. He shared that the hackers began their targeting campaign around two weeks before eventually gaining control of his computer to push out malicious code.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Saayman <a href=\"https:\/\/github.com\/axios\/axios\/issues\/10636#issuecomment-4180237789\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">said<\/a> the suspected North Korean hackers posed as a real company, created a realistic-looking Slack workspace, and used fake profiles of its employees to build credibility, then invited him into a web meeting that prompted him to download malware masquerading as an update necessary to access the call. 
Saayman said the lure <a href=\"https:\/\/techcrunch.com\/2024\/11\/28\/north-korean-hackers-have-stolen-billions-in-crypto-by-posing-as-vcs-recruiters-and-it-workers\/\" target=\"_blank\" rel=\"noreferrer noopener\">mimicked a technique<\/a> used by North Korean hackers that tricks would-be victims into granting the hackers remote access to their system, often to steal their cryptocurrency.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This attack, Saayman said, mimicked earlier hacks <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/unc1069-targets-cryptocurrency-ai-social-engineering\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">attributed to North Korea<\/a> by security researchers at Google.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">After compromising and gaining remote access to Saayman&#8217;s computer, the hackers then released the malicious updates to the Axios project.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The two malicious Axios packages, pulled some three hours after they were first published on March 31, may have still infected thousands of systems during that window, though the full breadth of the mass hack is not yet fully clear. 
Any computer that installed a malicious version of the software during this time may have allowed the hackers to steal private keys, credentials, and passwords from that computer, which can lead to further breaches.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Saayman did not immediately respond to an email with questions about the incident.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">North Korean hackers remain one of the most active cyber threats on the internet today, blamed for the theft of at least <a href=\"https:\/\/techcrunch.com\/2025\/10\/07\/north-korean-hackers-stole-over-2-billion-in-crypto-so-far-in-2025-researchers-say\/\" target=\"_blank\" rel=\"noreferrer noopener\">$2 billion in cryptocurrency<\/a> in 2025 alone.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Kim Jong Un regime remains under international sanctions and banned from the global financial network for violating a ban on its nuclear weapons development program, which the country funds in large part by launching cyberattacks and stealing cryptocurrency.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">North Korea is <a href=\"https:\/\/www.38north.org\/2026\/01\/from-digital-kleptocracy-to-rogue-crypto-superpower\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">believed to have thousands<\/a> of highly organized hackers \u2014 the majority of whom are working against their will under the repressive Kim regime. 
These hackers spend weeks or months carrying out complex social engineering attacks aimed at gaining trust and eventually access to steal cryptocurrency and data to extort their victims.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>North Korean hackers pushed out malicious updates to a popular open source project by hacking a top developer&#8217;s computer in a long-running campaign.<\/p>\n","protected":false},"author":133574210,"featured_media":3109614,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tc-featured-article":false,"tc-header-option":"","tc-breaking-news":false,"tc-article-brief":false,"carmot_uuid":"","apple_news_api_created_at":"2026-04-06T16:43:30Z","apple_news_api_id":"8ca90d77-b94b-4710-b6e9-7b18bdb8095c","apple_news_api_modified_at":"2026-04-06T21:35:54Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAA==","apple_news_api_share_url":"https:\/\/apple.news\/AjKkNd7lLRxC26XsYvbgJXA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":[],"apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"tc_subtitle":"","tc_featured_image_disabled":false,"tc_exclude_from_rss_feed":false,"tc_exclude_from_content_rivers":false,"footnotes":""},"categories":[21587494],"tags":[6148720,965824,4333,25,17483],"tc_region":[],"tc_event":[],"tc_storyline_tax":[],"coauthors":[576607994],"class_list":["post-3109612","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cyberattack","tag-cybersecurity","tag-north-korea","tag-open-source","tag-social-engineering"],"apple_news_notices":[],"yoast_head_json":{"title":"North Korea's hijack of one of the web's most used open source projects was likely weeks in the making | TechCrunch","description":"North Korean hackers pushed out malicious updates to a popular open source project by hacking a top developer's computer in a long-running campaign.","canonical":"https:\/\/techcrunch.com\/2026\/04\/06\/north-koreas-hijack-of-one-of-the-webs-most-used-open-source-projects-was-likely-weeks-in-the-making\/","article_published_time":"2026-04-06T16:43:25+00:00","article_modified_time":"2026-04-06T21:38:54+00:00","author":"Zack Whittaker"},"jetpack_featured_media_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2026\/04\/north-korea-883518520.jpg"}