North Korean Hackers Exploit VS Code to Remotely Control Victims' Computers

North Korean hackers exploit VS Code tunneling to infiltrate South Korean systems, bypassing security with clever spear-phishing tactics.

By Content Team

Jan 23, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

North Korean hackers are using a clever new trick to break into South Korean systems by exploiting Microsoft Visual Studio Code's legitimate tunneling feature. Darktrace researchers discovered the spear-phishing campaign targeting South Koreans with fake government emails about graduate school programs.

The malicious documents, disguised as official files, secretly install VS Code and create a tunnel called "bizeugene" that gives attackers full remote access. This method bypasses traditional security measures since it uses trusted Microsoft infrastructure instead of suspicious command-and-control servers.

The attack represents a shift toward "living-off-the-land" tactics, where hackers abuse legitimate tools rather than custom malware, making detection extremely difficult for security teams.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Cyber Fraud Now Top CEO Fear, Overtaking Ransomware Threat

Jan 14, 2026

Victorian Teacher's Identity Stolen After Submitting Rental Applications Online

Feb 8, 2026

Massive Supply Chain Attack on Trivy Tool Threatens Thousands of Organizations

Mar 25, 2026

ICO Says Sultana's Unauthorised Party Launch May Be Criminal Matter for Police

Jan 10, 2026