
Polyfill.io Compromise Linked to North Korean Operators, Impacting 100k+ Sites
Context and Chronology
In early 2024 a widely embedded JavaScript compatibility service changed ownership, and shortly after began serving altered client‑side code that redirected a subset of mobile visitors to monetized landing pages. Security teams detected the injected scripts by midyear; major platform vendors intervened to blunt immediate harm and published guidance urging removal of the compromised host references. Initial public reporting emphasized the new CDN owner as the proximate vector for the injection, but subsequent forensics reveal an operational chain that extends beyond simple domain control—pointing to credential theft, operator endpoint compromise, and deliberate use of CDN configuration channels.
Forensics, Control‑Plane Evidence, and Attribution
Hudson Rock recovered a LummaC2 sample from an infected operator device and extracted browser session artifacts, stored credentials, and access tokens tied to DNS and CDN management interfaces. Those credentials correlate with the configuration changes that pushed malicious script variants to Polyfill.io consumers, creating a direct technical linkage from a compromised endpoint to the delivery infrastructure. While that artifact set strengthens attribution to an actor aligned with North Korea, attribution is not monolithic: industry disclosures across unrelated supply‑chain incidents show repeated reuse of commodity tooling, cross‑operator outsourcing, and deliberate obfuscation, any of which can blur actor fingerprints. In this case, the control‑plane credentials and operational footprints materially tilt the balance toward a DPRK‑aligned operator model rather than a benign post‑acquisition misconfiguration.
Operational Tradecraft and Cross‑Incident Patterns
The incident fits a larger pattern observed across recent supply‑chain campaigns: human‑targeted credential harvesting (via infostealers or social engineering), transient or memory‑only loaders to limit artifacts, abuse of trusted distribution/update channels, and off‑platform or resilient signaling mechanisms to retain control after takedown. Parallel disclosures (for example, malicious extension updates, poisoned developer packages, and blockchain‑memo based command channels) illustrate how operators decouple control from conventional network indicators and weaponize distribution trust. In the Polyfill case, stolen credentials enabled direct manipulation of CDN/DNS settings—the same control‑plane abuse that other campaigns exploit when they acquire or hijack delivery infrastructure.
Monetization and Illicit‑Finance Linkages
Traffic diversion redirected user sessions into a gambling and adult‑content conversion funnel that flowed into cryptocurrency on‑ramps. That monetization chain—user session → redirect → paid conversions → crypto flows—mirrors monetization observed in other state‑aligned and criminal operations and amplifies the strategic value of supply‑chain footholds: beyond disruption and fraud, such access becomes a steady revenue stream that supports laundering and sustains operational cadence.
Implications for Defenders and Policy
Short‑term remediation must focus on tenant isolation: rotate and revoke any exposed CDN/DNS tokens, remove references to compromised hosts, and perform endpoint forensics for operators who manage delivery infrastructure. Medium‑term controls should include mandatory post‑acquisition forensic audits for CDN/edge deals, enforced cryptographic signing and provenance for third‑party scripts, continuous control‑plane monitoring, and tenancy separation to prevent single‑tenant compromises from pivoting to mass delivery abuse. The incident also underscores the need for cross‑industry coordination between CDNs, browser vendors and exchanges to trace and disrupt illicit‑fiat conversion channels.
Source: SecurityWeek reporting