Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors
Securonix Threat Research Security Advisory – Fast Track/Early-Warning Coverage Advisory (FCA)
EARLY DRAFT – Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors
By Securonix Threat Research: D. Iuzvyk, T. Peck, O. Kolesnikov
Apr 24, 2024
tldr:
The Securonix Threat Research Team has been monitoring a new ongoing social engineering attack campaign (tracked by STR as DEV#POPPER) likely associated with North Korean threat actors who are targeting developers using fake interviews to deliver a Python-based RAT.
The Threat Research team has been investigating a new threat campaign (tracked by STR as DEV#POPPER) that has been targeting software developers. STR has identified malicious software repositories used by the attackers as part of the campaign, which we examine in more depth to better understand how the threat actors infect systems and what their capabilities are.
Introduction
Social engineering is an advanced tactic used by threat actors to manipulate individuals into divulging …
IoC