{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihru2ksqusdpbxbljsud5tlr3wmqh4ka567qmljf4o22yclhpb5jq",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3miu4ozrufbj2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreidi2ix2iemol4llt23goafy4g6neyicjsfcxld55yeyvu64mfgfjy"
    },
    "mimeType": "image/jpeg",
    "size": 396519
  },
  "path": "/2026/04/dprk-linked-hackers-use-github-as-c2-in.html",
  "publishedAt": "2026-04-06T16:24:00.000Z",
  "site": "https://thehackernews.com",
  "textContent": "Threat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows shortcut (LNK) files acting as the starting point to drop a decoy PDF",
  "title": "DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea"
}