Supply Chain Attacks
March 14, 20261 min read124
North Korean Actors Deploy Malicious NPM Packages to Steal Git Repositories
The SnugBit campaign, linked to North Korea, targets developers on Windows, macOS and Linux to steal Git repositories and SSH keys through malicious NPM packages.
By Titan Layer Editorial Team
Published on March 14, 2026
Source: —
The Lazarus Group, North Korea's most prolific threat actor, launched a new campaign called SnugBit targeting software developers across multiple platforms through malicious NPM packages.
Attackers published dozens of seemingly legitimate NPM packages using typosquatting names. Once installed, packages collect environment variables, SSH keys, Git credentials and .env files, sending everything to attacker-controlled servers.
Developers are high-value targets due to access to source code, CI/CD pipelines, cloud credentials and client secrets. Protect yourself by verifying package reputation, using lock files, implementing dependency security scanning, and never storing credentials in plain environment variables.
Article information
Editorial author:Titan Layer Editorial Team
Original source:—
Original publisher:—
Original author:—
Original publication date:—
Reference link:—
Titan Layer publication date:March 14, 2026
Content type:Curated summary and editorial analysis
#coreia do norte#npm#supply chain#lazarus#desenvolvedores
Share this article
Related Articles
Cyber Crime
The npm Threat Landscape: Attack Surface and Mitigations
Titan Layer
4/25/2026
Infrastructure Security
Vercel Confirms Breach Linked to Third-Party AI Tool
Titan Layer
4/20/2026
Critical Vulnerabilities
36 Malicious npm Packages Disguised as Strapi Plugins Deployed Backdoors and Stole Credentials
Titan Layer
4/5/2026