Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea
securityweek
The Polyfill supply chain attack that hit more than 100,000 websites back in 2024 has now been linked to North Korean threat actors after it was initially tied only to China.
In February 2024, the popular Polyfill.io service, used by websites to deliver JavaScript code for browser compatibility, was acquired by Chinese CDN company Funnull, which then began injecting malicious JavaScript into scripts served from cdn.polyfill.io.
The malicious code, which targeted mobile users with evasion techniques and redirected them to betting or adult sites, was confirmed by security firms Sansec and C/side in June 2024.
The attack affected more than 100,000 websites that embedded the library, prompting widespread recommendations to remove references to the Polyfill domain immediately due to the risk of malicious activity with an even greater impact.
Cloudflare and Google also took action to protect users at the time.
The involvement of ...
Copyright of this story solely belongs to securityweek.

