How One Developer Took Down the Supply Chain

How One Developer Took Down the Supply Chain

From Hacker And The Fed by Chris Tarbell & Hector Monsegur

April 9, 2026 · 47 min

About this episode

Chris and Hector discuss a North Korean supply chain attack that began with a fake Microsoft Teams update and involved extensive developer compromise.

Chris and Hector break down a highly effective North Korean supply chain attack that started with a fake Microsoft Teams update and escalated into full developer compromise. They explore how modern attackers combine social engineering, open source manipulation, and long term access to infiltrate software pipelines. The episode also covers GitHub based attacks, compromised routers at scale, and why simple human pressure remains one of the most powerful tools in cybercrime. Join our Patreon for weekly bonus episodes: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

People in this episode

Hosts: Chris Tarbell, Hector Monsegur

Topics covered

  • supply chain attack
  • cybersecurity
  • social engineering
  • open source manipulation
  • software pipelines
  • GitHub attacks
  • human pressure in cybercrime

Keywords

  • supply chain attack
  • North Korea
  • Microsoft Teams
  • cybercrime
  • social engineering
  • GitHub
  • developer compromise
  • open source

Mentioned in this episode

Organizations: Microsoft, GitHub, North Korea

More episodes of Hacker And The Fed

Explore listener stats, chart rankings, contacts and more on the Hacker And The Fed podcast page.