TGTGInsighttelegram intelligenceLIVE / telegram public index
← The Hacker News
View original
The Hacker News avatar

TGINSIGHT POST

Post #8749

@thehackernews

The Hacker News

Views9,340Post view count
PostedApr 604/06/2026, 04:27 PM
Post content

Post content

🚨 DPRK-linked attackers used GitHub as C2 in phishing-led attacks on South Korean orgs. LNK files trigger hidden PowerShell, set persistence, and exfiltrate system data to attacker repos while pulling new payloads. 🔗 Read → https://thehackernews.com/2026/04/dprk-linked-hackers-use-github-as-c2-in.html