Inside DPRK's Fake Job Platform Targeting U.S. AI Talent
Contents
Inside DPRKâs Fake Job Platform Targeting U.S. AI Talent
This week we began tracking a new variant of the DPRK-linked Contagious Interview operation, an illicit job-platform campaign designed to socially engineer and compromise people seeking jobs in a variety of roles, including software developers, artificial intelligence researchers, crypto currency professionals, and other technical and non-technical job seekers while mimicking leading brands in these areas. Unlike the widely reported DPRK IT worker programs that impersonate employees to infiltrate companies, Contagious Interview focuses on compromising real, job seeking, individuals themselves. This latest iteration stands out for its noticeably higher level of polish, legitimacy cues, and technical completeness.
The discovery surfaced through our continuous YARA-based scanning pipeline, which has already surfaced many DPRK-aligned lures this year. What appeared at first to be another disposable phishing page revealed itself to be something far more elaborate: a fully formed, React Next.js based job platform with dozens of …
This week we began tracking a new variant of the DPRK-linked Contagious Interview operation, an illicit job-platform campaign designed to socially engineer and compromise people seeking jobs in a variety of roles, including software developers, artificial intelligence researchers, crypto currency professionals, and other technical and non-technical job seekers while mimicking leading brands in these areas. Unlike the widely reported DPRK IT worker programs that impersonate employees to infiltrate companies, Contagious Interview focuses on compromising real, job seeking, individuals themselves. This latest iteration stands out for its noticeably higher level of polish, legitimacy cues, and technical completeness.
The discovery surfaced through our continuous YARA-based scanning pipeline, which has already surfaced many DPRK-aligned lures this year. What appeared at first to be another disposable phishing page revealed itself to be something far more elaborate: a fully formed, React Next.js based job platform with dozens of …
IoC
https://drivers.softpedia.com/driver-update.pkg\
http://lenvny.com
http://advisorflux.com
https://app.lenvny.com/cam-v-abc123.fix
http://app.lenvny.com
http://assureeval.com
http://carrerlilla.com
https://www.lever.co/
72.61.9.45
69.62.86.78
[email protected]
http://lenvny.com
http://advisorflux.com
https://app.lenvny.com/cam-v-abc123.fix
http://app.lenvny.com
http://assureeval.com
http://carrerlilla.com
https://www.lever.co/
72.61.9.45
69.62.86.78
[email protected]