When researchers disrupted GlassWorm’s command-and-control infrastructure, the operation kept running. That is because GlassWorm’s C2 does not use domains. It uses the Solana blockchain: instructions are embedded in the memo field of transactions on a wallet address controlled by the operator. Blockchain transactions are immutable. Domain seizure accomplishes nothing. IP blocking accomplishes nothing. Defenders have no mechanism to alter, remove, or intercept instructions embedded in Solana transaction memos without controlling the private key.

GlassWorm distributes its Zig-compiled dropper through a fake WakaTime extension on the Open VSX registry. Installation silently infects every IDE on the developer’s machine, and from there the operation maintains persistent access through a C2 channel that standard infrastructure disruption procedures cannot reach. That technical detail, a blockchain-immutable C2 embedded in transaction memo data, is genuinely novel. But it is not the most strategically significant thing North Korea did in software supply chains this week.

Three Operations, Three Survival Strategies

The more significant development is that GlassWorm is one of three simultaneous North Korean developer-targeting operations active during the same week. Contagious Interview (UNC1069, overlapping BlueNoroff and Sapphire Sleet) is running a package impersonation campaign across five registries: npm, PyPI, Go, Rust, and Packagist. With 164 impersonation domains active, registries repeatedly pull the packages, yet the operation has continued into its third consecutive week of tracking. Drift Protocol, tracked since week 14, is a social engineering vector that has moved $285 million through DPRK laundering infrastructure using human trust relationships.

Three simultaneous operations, each targeting developers, none of them overlapping in delivery mechanism. This is not a sign of resource surplus. It is engineering.

Standard incident response has three primary tools against supply chain operations: infrastructure disruption (domain seizure, IP blocking), platform enforcement (package removal, registry bans), and human-factor response (security awareness, process controls). Each tool works against a specific class of attack vector.

Contagious Interview is designed to survive platform enforcement through volume. With 164 domains feeding the operation, a registry can pull fifty packages and the campaign continues. The adversary needs no single domain or package to survive. Resilience is distributed across the attack surface.

GlassWorm is designed to survive infrastructure disruption through immutability. The C2 instruction set is not hosted on a server that can be seized or a domain that can be redirected. It exists on a public blockchain where the only party who can modify the instructions is the private key holder. There is no mechanism within standard incident response to disrupt this channel once operational.
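The channel itself cannot be disrupted, but two things about it remain observable on the defender's side: the implant still has to read the chain, and the memo contents themselves are public. The following is an added example (not code from the original post or from any GlassWorm analysis) of both checks in Python. It flags developer-tool processes issuing Solana JSON-RPC read calls from constructed endpoint telemetry, and triages memo strings by character set and entropy. The telemetry field names, the process allowlist, the entropy threshold and the sample memos are all constructed assumptions; `getSignaturesForAddress`, `getTransaction` and `getBlock` are real Solana RPC methods, and `api.mainnet-beta.solana.com` is a real public RPC host.

```python
import math
from dataclasses import dataclass
from typing import Iterable, List

# Solana JSON-RPC methods a client needs in order to read a wallet's transaction
# history and the memo attached to each transaction.
SOLANA_READ_METHODS = {"getSignaturesForAddress", "getTransaction", "getBlock"}

# Processes that legitimately talk to a blockchain RPC on a developer workstation.
# Constructed allowlist for this example; build yours from a real software inventory.
EXPECTED_RPC_CLIENTS = {"ledger-live", "solana"}


@dataclass
class EgressEvent:
    """One outbound HTTP request as an EDR or inspecting proxy might log it.
    The field set is an assumption for this example, not any product's schema."""
    host: str
    process: str
    dest: str
    method: str  # JSON-RPC method name parsed from the request body; "" if none


def flag_rpc_egress(events: Iterable[EgressEvent]) -> List[str]:
    """Alert on processes reading the Solana ledger that have no business doing so.

    The memo channel cannot be blocked, but the implant still has to fetch it, and an
    IDE, extension host or build tool polling a wallet is anomalous on a workstation."""
    return [
        f"{ev.host}: {ev.process} -> {ev.dest} {ev.method}"
        for ev in events
        if ev.method in SOLANA_READ_METHODS and ev.process.lower() not in EXPECTED_RPC_CLIENTS
    ]


_B64_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")


def shannon_entropy(text: str) -> float:
    """Bits per character: roughly 4.1 for English prose, above 5 for random base64."""
    if not text:
        return 0.0
    counts = {c: text.count(c) for c in set(text)}
    return -sum((n / len(text)) * math.log2(n / len(text)) for n in counts.values())


def memo_looks_encoded(memo: str, min_len: int = 16, min_entropy: float = 4.3) -> bool:
    """Heuristic: a memo that is one long, high-entropy base64/hex token reads like a
    packed instruction rather than a human note. Thresholds are assumptions to tune."""
    token = memo.strip()
    if len(token) < min_len or not set(token) <= _B64_ALPHABET:
        return False
    return shannon_entropy(token) >= min_entropy


def triage_memos(memos: Iterable[str]) -> List[str]:
    """Return the memos from a watched wallet's history worth an analyst's look."""
    return [m for m in memos if memo_looks_encoded(m)]


# Constructed sample telemetry and memo strings for the demonstration.
SAMPLE_EGRESS = [
    EgressEvent("dev-ws-17", "code", "api.mainnet-beta.solana.com", "getSignaturesForAddress"),
    EgressEvent("dev-ws-17", "ledger-live", "api.mainnet-beta.solana.com", "getTransaction"),
    EgressEvent("dev-ws-22", "node", "registry.npmjs.org", ""),
]
SAMPLE_MEMOS = [
    "thanks for the coffee",             # human note: contains spaces, skipped
    "deadbeefdeadbeef",                  # hex charset but low entropy, skipped
    "k9Qx2LmZ7RtYvB4nWc8JpH1sDfG3aE6u",  # 32 distinct characters: 5.0 bits/char, flagged
]

if __name__ == "__main__":
    for alert in flag_rpc_egress(SAMPLE_EGRESS):
        print("RPC egress:", alert)
    for memo in triage_memos(SAMPLE_MEMOS):
        print("memo for review:", memo)
```

Neither check touches the chain or the operator's key; they move the detection point to the one place the defender does control, the infected workstation and its egress. The memo heuristic is deliberately loose and will admit legitimate encoded notes, so it belongs in an analyst queue rather than a blocking rule.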

Drift Protocol is designed to survive technical controls entirely by operating through human trust relationships. Social engineering does not require technical infrastructure. It requires a person who believes they are communicating with a legitimate counterpart. That condition cannot be patched, firewall-blocked, or removed from a registry.

The Attribution Confirms the Structure

The actor overlap here is not incidental. APT38, the financial crime subunit under the Lazarus Group umbrella, is the link between Drift Protocol fund movement and the GlassWorm/Polinrider infrastructure. BlueNoroff and Sapphire Sleet overlap in the Contagious Interview attribution. Financial theft and developer infrastructure compromise are running under the same strategic command simultaneously. These are not three separate teams that happened to be active in the same week. The operations are structurally non-overlapping by design: if defenders disrupt any one vector, the other two continue under separate command structures.

This is a meaningful evolution from prior DPRK supply chain operations, which typically ran as single campaigns. The 2023-2024 Contagious Interview campaign operated on a single delivery vector. GlassWorm represents a second concurrent stream using a different architecture. Drift Protocol adds a third stream with no technical infrastructure requirements at all. Running all three simultaneously converts defender response from resolution into triage: taking down any one operation leaves two operational, and no response capability currently exists that addresses all three simultaneously.

Why Zig, Why Solana, Why Open VSX

The GlassWorm tradecraft deserves examination because the tooling choices are not arbitrary. Zig produces compact, statically linked binaries with minimal standard library dependencies. Cross-compiling for multiple target architectures from a single build environment is straightforward. The resulting binaries evade signature-based detection tuned for Go- or Rust-compiled malware, both of which have received increased coverage following UNC1069’s earlier campaigns. Using a less-scrutinized compiled language for the dropper layer while leveraging a public blockchain for C2 represents careful operational security: every component was chosen to outlast the detection and disruption capabilities currently deployed against it.

The Open VSX registry choice is similarly deliberate. VS Code extension repositories have been under increased scrutiny. Open VSX is a less-monitored alternative that developer tooling in Linux environments increasingly uses as its extension source. IDE extension delivery infects the developer’s entire workstation at once, not a single project dependency. The blast radius is wider for the same delivery effort.
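Because one extension install can land in several IDEs on the same machine, the defender's inventory has to walk every extension directory, not just the one for the editor that was opened. The following is an added example (not code from the original post) of that inventory in Python: it reads each installed extension's `package.json` across the VS Code-family directories and reports any extension carrying a watched name under an unexpected publisher. The directory list, the expected-publisher mapping (a placeholder keyed on the extension name the post discusses) and the sample extension tree it builds in a temporary directory are all constructed assumptions; confirm the real publisher ids against the registry of record before using the mapping.

```python
import json
import tempfile
from pathlib import Path
from typing import Dict, List

# Extension directories of VS Code-family IDEs and remote servers, relative to the
# user's home. Assumed default locations for this example; confirm against your images.
EXTENSION_DIRS = [
    ".vscode/extensions",
    ".vscode-server/extensions",
    ".vscode-oss/extensions",
    ".cursor/extensions",
]

# Publisher expected for extension names that are attractive impersonation targets.
# Placeholder mapping constructed for this example; populate from verified publisher ids.
EXPECTED_PUBLISHER = {"vscode-wakatime": "wakatime"}


def inventory_extensions(home: Path) -> List[Dict[str, str]]:
    """Read package.json from every installed extension across every IDE directory."""
    found = []
    for rel in EXTENSION_DIRS:
        base = home / rel
        if not base.is_dir():
            continue
        for ext_dir in sorted(p for p in base.iterdir() if p.is_dir()):
            manifest = ext_dir / "package.json"
            if not manifest.is_file():
                continue
            try:
                meta = json.loads(manifest.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                meta = {}  # unreadable manifest: still record that the directory exists
            found.append({
                "ide_dir": rel,
                "name": str(meta.get("name", "")),
                "publisher": str(meta.get("publisher", "")),
                "path": str(ext_dir),
            })
    return found


def flag_impersonators(extensions: List[Dict[str, str]]) -> List[str]:
    """A watched extension name under the wrong publisher is the signature of a
    look-alike install; report it together with the IDE directory it landed in."""
    alerts = []
    for ext in extensions:
        expected = EXPECTED_PUBLISHER.get(ext["name"].lower())
        if expected and ext["publisher"].lower() != expected:
            alerts.append(
                f"{ext['ide_dir']}: '{ext['name']}' published by '{ext['publisher']}', "
                f"expected '{expected}' ({ext['path']})"
            )
    return alerts


def build_demo_home() -> Path:
    """Create a throwaway home directory holding a constructed mix of extensions: one
    under the expected publisher, one look-alike under a misspelled publisher, one unrelated."""
    home = Path(tempfile.mkdtemp(prefix="ext-inventory-demo-"))
    samples = [
        (".vscode/extensions/wakatime.vscode-wakatime-24.0.0", "vscode-wakatime", "wakatime"),
        (".vscode-server/extensions/wakat1me.vscode-wakatime-1.0.0", "vscode-wakatime", "wakat1me"),
        (".cursor/extensions/ms-python.python-2024.1.0", "python", "ms-python"),
    ]
    for rel, name, publisher in samples:
        ext_dir = home / rel
        ext_dir.mkdir(parents=True)
        manifest = {"name": name, "publisher": publisher, "version": "0.0.0"}
        (ext_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    return home


if __name__ == "__main__":
    demo_home = build_demo_home()
    exts = inventory_extensions(demo_home)
    print(f"{len(exts)} extensions across {len({e['ide_dir'] for e in exts})} IDE directories")
    for alert in flag_impersonators(exts):
        print("ALERT", alert)
```

Run against a real home directory by passing `Path.home()` to `inventory_extensions`; the publisher comparison is case-insensitive because registries display publisher ids in mixed case. The same walk, run across a fleet, also gives the count the response team needs first: how many machines, and how many IDEs per machine, actually hold the extension.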

Contagious Interview’s five-registry campaign sustains operation after takedowns because the infrastructure investment is in impersonation domain volume, not in specific packages. The packages are the delivery mechanism; the domains are the supply. Registries remove packages. The operation continues because the supply chain behind the packages is not hosted on the platforms executing the takedowns.

Where This Goes

The blockchain C2 technique will not stay novel. GlassWorm demonstrates it works in deployed operations against real targets. Once that proof-of-concept exists in an active nation-state campaign, adoption across the threat actor spectrum follows. The technique is documented, the tooling is accessible, and Solana transaction fees are negligible. Defenders need response frameworks for blockchain-embedded C2 now, before the technique proliferates beyond nation-state operators into ransomware affiliate infrastructure.

The portfolio redundancy approach is a more durable structural problem. Running three non-overlapping operations simultaneously is a model that other well-resourced actors will study and adapt. The specific vectors will change. The strategic logic will not: partition the campaign portfolio so that each operation survives the response that neutralizes the others. It is too effective.

Two arXiv papers published this week document covert inter-agent communication techniques using pseudorandom noise-resilient key exchange embedded in normal model outputs. The underlying principle matches GlassWorm’s approach exactly: use a legitimate, high-volume public channel as the communication substrate, where the attacker’s signal is statistically indistinguishable from normal traffic until decoded with the correct key. The theoretical foundation for the next generation of infrastructure-resistant C2 is already in the research literature. The operational implementation exists in GlassWorm. The gap between the two is closing.

For the operations currently active: three weeks in, none of the three DPRK developer-targeting campaigns has been disrupted in any meaningful sense. Packages have been removed. Infrastructure has been documented. The operations are running. That outcome is not a defender failure. It is confirmation that the adversary mapped the response playbook before launching, and built around it.

Security Unlocked publishes weekly threat intelligence and strategic analysis. This post is based on intelligence collected April 21-27, 2026.