North Korean hackers pushed out malicious updates to a popular open source project by hacking a top developer's computer in a long-running campaign.