
Major Polyfill Attack That Hit 100K Websites Traced Back to North Korean Hackers

North Korean hackers linked to 2024 Polyfill attack compromising 100,000 sites, redirecting users to gambling sites via Funnull.
Content Team

The massive 2024 Polyfill supply chain attack that compromised over 100,000 websites has been linked to North Korean hackers, not just Chinese actors as initially believed. The attack began when Chinese company Funnull acquired the popular Polyfill.io service and injected malicious code that redirected mobile users to gambling sites.

New evidence from Hudson Rock shows Funnull was likely a front for North Korean operations. Security researchers discovered this after analyzing data stolen from a North Korean hacker's infected computer, which contained credentials for Polyfill control panels and conversations about the attack.

The ultimate goal was reportedly to funnel users to gambling sites owned by China's Suncity Group, which laundered cryptocurrency back to North Korea. This fits a pattern of North Korean cyber operations that have stolen over $2 billion in cryptocurrency.

Source: Security Week
