Endigest AI Core Summary
GitLab's Threat Intelligence Team exposes North Korean nation-state threat actor operations, including the Contagious Interview malware campaign and IT worker activity observed on their platform in 2025.
• In 2025, GitLab banned 131 unique accounts distributing malicious code attributed to North Korean threat actors, averaging 11 bans per month with activity peaking in September.
• Over 95% of malicious projects used JavaScript-based malware families BeaverTail and Ottercookie, with payloads hosted on external services like Vercel rather than GitLab itself.
• The most common attack pattern encoded staging URLs in .env files and used a custom error handler invoking Function.constructor to execute remote code, making detection difficult even for developers who audit code.
• A synthetic identity pipeline created at least 135 personas at scale, and one IT worker controlled 21 unique personas using stolen U.S. identity documents while operating from Moscow.
• GitLab is releasing over 600 in
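The following Node.js script is an added example, not code from GitLab's report or from this summary. It triages a project for the two signals in the bullet about .env staging URLs: an encoded URL in a .env value, and source that builds code from a string at run time. It assumes the encoding is base64, which the summary does not specify; all function names and sample data are constructed for illustration.

```javascript
// Added example: static triage for "encoded URL in .env" plus "Function.constructor".
// Assumption: values are base64-encoded (the summary only says "encoded").
const URL_RE = /^https?:\/\/([^\s\/"']+)[^\s"']*$/i;
const B64_RE = /^[A-Za-z0-9+/]{16,}={0,2}$/;
const DYNAMIC_CODE_RE =
  /\bFunction\s*\.\s*constructor\b|\bnew\s+Function\s*\(|\.constructor\s*\.\s*constructor\b/;

// Return .env keys whose value base64-decodes to an http(s) URL, with the host.
function findEncodedUrls(envText) {
  const hits = [];
  for (const raw of envText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;       // skip blanks and comments
    const eq = line.indexOf("=");
    if (eq < 1) continue;                              // not a KEY=value line
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim().replace(/^["']|["']$/g, "");
    if (!B64_RE.test(value)) continue;                 // cheap pre-filter
    const m = URL_RE.exec(Buffer.from(value, "base64").toString("utf8"));
    if (m) hits.push({ key, host: m[1] });
  }
  return hits;
}

// Return 1-based line numbers where source constructs code from a string.
function findDynamicCode(jsText) {
  return jsText.split(/\r?\n/)
    .map((line, i) => (DYNAMIC_CODE_RE.test(line) ? i + 1 : 0))
    .filter(Boolean);
}

// Either signal alone is common in benign code; the pair is what warrants review.
function triage(envText, jsText) {
  const encodedUrls = findEncodedUrls(envText);
  const dynamicLines = findDynamicCode(jsText);
  const suspicious = encodedUrls.length > 0 && dynamicLines.length > 0;
  return { encodedUrls, dynamicLines, suspicious };
}

// Constructed sample input (placeholder host, harmless handler body).
const SAMPLE_ENV = [
  "PORT=3000",
  "AUTH_API=" + Buffer.from("https://staging.example.invalid/api").toString("base64"),
].join("\n");
const SAMPLE_JS = [
  "app.use((err, req, res, next) => {",
  "  Function.constructor('return 0')();",
  "});",
].join("\n");

console.log(JSON.stringify(triage(SAMPLE_ENV, SAMPLE_JS), null, 2));
```

A hit is a prompt for manual review before running `npm install` or starting the project, not a verdict; other encodings or split strings will not match these patterns.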
This summary was automatically generated by AI based on the original article and may not be fully accurate.