Based on reporting from SecurityScorecard’s STRIKE team, the North Korean state-backed threat actor employs a React and Node.js-based system in each C2 server to enable centralized management of stolen data, observation of compromised hosts, and payload distribution.
Lazarus Group found using web-based admin panel for campaign management
