CyberSecurityBoard
Sponsor Register Login

North Korean APT Hackers Create Companies to Deliver Malware Strains Targeting Job Seekers

A sophisticated North Korean advanced persistent threat (APT) group known as “Contagious Interview” has established elaborate fake cryptocurrency consulting companies to target job seekers with specialized malware. Their investigation revealed the threat actors heavily utilize AI-generated images to create convincing “employee” profiles across multiple platforms, including LinkedIn, where the fake companies maintain active presences complete with falsified work histories and client testimonials. The group, a subunit of the infamous North Korean state-sponsored Lazarus Group, has created three front companies—BlockNovas LLC, Angeloper Agency, and SoftGlide LLC—to distribute malware through deceptive job interview processes. To avoid falling victim to such attacks, cybersecurity experts recommend scrutinizing job offers thoroughly, never executing code from unknown sources during interviews, and using dedicated devices for cryptocurrency management. The malware specifically targets cryptocurrency wallets, including MetaMask, BNB Chain, Coinbase, TronLink, Phantom, Crypto.com, and Coin98. Job applicants who engage with these fraudulent companies are unknowingly exposed to a trio of malware strains: BeaverTail, InvisibleFerret, and OtterCookie. Silent Push threat analysts uncovered this elaborate scheme after identifying unusual configurations in BeaverTail malware samples. This innocent-looking code actually fetches and executes the BeaverTail JavaScript malware, which subsequently downloads InvisibleFerret, a Python-based backdoor. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. These malicious tools are specifically designed to steal cryptocurrency wallet credentials, browser data, and provide backdoor access to victim machines. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 25 Apr 2025 08:45:05 +0000


Cyber News related to North Korean APT Hackers Create Companies to Deliver Malware Strains Targeting Job Seekers

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for ...
10 months ago Microsoft.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com Andariel Kimsuky Lazarus Group
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
2 years ago Therecord.media
North Korean APT Hackers Create Companies to Deliver Malware Strains Targeting Job Seekers - A sophisticated North Korean advanced persistent threat (APT) group known as “Contagious Interview” has established elaborate fake cryptocurrency consulting companies to target job seekers with specialized malware. Their investigation ...
7 hours ago Cybersecuritynews.com Lazarus Group
North Korean IT worker army expands operations in Europe - GTIG's report follows multiple warnings issued by the FBI regarding North Korea's massive army of IT workers sent abroad to generate revenue, who have tricked hundreds of companies in the United States and worldwide into hiring them over the years. ...
3 weeks ago Bleepingcomputer.com
North Korean Hackers Utilizing Credential Stuffing to Launch Cyberattacks - In an alarming new report, researchers found that North Korean-linked hackers have been using stolen passwords during cyberattacks to gain access to various government, military and financial networks. According to security experts, the creative ...
2 years ago Thehackernews.com
'ResumeLooters' Attackers Steal Millions of Career Records - Attackers used SQL injection and cross-site scripting to target at least 65 job-recruitment and retail websites with legitimate penetration-testing tools, stealing databases containing more than 2 million emails and other personal records of job ...
1 year ago Darkreading.com
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
2 years ago Csoonline.com Andariel APT3 APT37 APT38 Kimsuky Lazarus Group BianLian
macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks - North Korean advanced persistent threat groups are mixing and matching components of two recently unleashed types of Mac-targeted malware to evade detection and fly under the radar as they continue their efforts to conduct operations at the behest of ...
1 year ago Darkreading.com
North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
2 months ago Darkreading.com Andariel Kimsuky
Microsoft: BlueNoroff hackers plan new crypto-theft attacks - Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn. This financially motivated threat group also has a documented history of cryptocurrency ...
1 year ago Bleepingcomputer.com
Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms - The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme in which North Korean IT workers infiltrated hundreds of companies and earned millions of dollars for North Korea. According to the ...
11 months ago Securityweek.com
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers - Well-publicized estimates of a massive shortfall in cybersecurity workers have resulted in high expectations among job seekers in the field, but the reality often falls flat, because of a mismatch between companies' requirements and job seekers' ...
1 year ago Darkreading.com Equation
US govt sanctions North Korea's Kimsuky hacking group - The Treasury Department's Office of Foreign Assets Control has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for ...
1 year ago Bleepingcomputer.com Andariel Kimsuky
North Korean Hackers Attacked Indian Medical and Energy Companies - The North Korean military's notorious hacking arm, known as the Lazarus Group, has been accused of targeting public and private sector research organizations, an Indian medical research company, and other businesses in the energy sector. Security ...
2 years ago Therecord.media Lazarus Group BianLian
North Korean hackers adopt ClickFix attacks to target crypto firms - Sekoia says that Lazarus impersonates numerous well-known companies in the latest campaign, including Coinbase, KuCoin, Kraken, Circle, Securitize, BlockFi, Tether, Robinhood, and Bybit, from which the North Korean threat actors recently stole a ...
3 weeks ago Bleepingcomputer.com
North Korean Hackers Stole $600m in Crypto in 2023 - North Korean hackers stole at least $600m in cryptocurrency in 2023, around a third of the total value of such heists, according to blockchain intelligence firm TRM. Despite the eye-watering sum, this figure represents a 30% reduction on ...
1 year ago Infosecurity-magazine.com
Microsoft: North Korean hackers join Qilin ransomware gang - Microsoft says Moonstone Sleet hackers are targeting both financial and cyberespionage targets using trojanized software (e.g., PuTTY), custom malware loaders, malicious games and npm packages, and fake software development companies (e.g., C.C. ...
1 month ago Bleepingcomputer.com Qilin
Russian VPS Servers With RDP, Proxy Servers Fuel North Korean Cybercrime Operations - Trend Micro researchers identified that a threat actor known as Void Dokkaebi (also called Famous Chollima) has been conducting extensive social engineering campaigns through fictitious companies like BlockNovas, which presented itself as a ...
7 hours ago Cybersecuritynews.com
North Korean hackers exploit critical TeamCity flaw to breach networks - Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. In September, TeamCity fixed a critical ...
1 year ago Bleepingcomputer.com CVE-2023-42793 Andariel
Microsoft: Lazarus hackers breach CyberLink in supply chain attack - Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. According to Microsoft ...
1 year ago Bleepingcomputer.com Lazarus Group
North Korean hackers linked to defense sector supply-chain attack - In an advisory today Germany's federal intelligence agency and South Korea's National Intelligence Service warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government. The attacks aim to ...
1 year ago Bleepingcomputer.com Lazarus Group
Experts from the United Nations Report North Korean Hackers Have Taken a Large Amount of Digital Assets - Last year, North Korean hackers working for the government stole a record-breaking amount of virtual assets estimated to be worth between $630 million and more than $1 billion, according to a new report from U.N. experts. The panel of experts said ...
2 years ago Securityweek.com Andariel Kimsuky Lazarus Group Rocke
FBI Charges North Korean Hackers Over $100 Million Stolen in Crypto Hack - The FBI has recently charged a North Korean hacker in connection with the Harmony crypto hack from which the hacker allegedly stole over $100 million. The hacker, Jon Chang Hyok, is a member of the North Korean military intelligence agency, the ...
2 years ago Bleepingcomputer.com
Seoul Police Reveals: North Korean Hackers Stole South Korean Anti-Aircraft Data - South Korea: Seoul police have charged Andariel, a North Korea-based hacker group for stealing critical defense secrets from South Korea's defense companies. Allegedly, the laundering ransomware is redirected to North Korea. One of the 1.2 terabytes ...
1 year ago Cysecurity.news Andariel Lazarus Group

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)