Investigating the campaigns of Lazarus Group targeting developers and companies

2024-07-21, Coinmonks
https://medium.com/coinmonks/investigating-the-activity-of-lazarus-group-targeting-developers-and-companies-182611f89cf0
#ContagiousInterview #Lazarus

In this investigation, we will examine the suspicious campaigns involving developers, employers, and companies, attributed to the North Korean state-sponsored hacking group, Lazarus Group.
This investigation aims to uncover the suspicious activity related to fake profiles of developers, companies, and recruiters, primarily focused on GitHub. While this attack vector has already been mentioned, our recent findings show an evolution, aiming to give more credibility to these fake identities through the creation of more coherent profiles, including their own websites.
The discovered structure seems related to the Contagious Interview (CL-STA-0420) and Wagemole (CL-STA-0421) campaigns. Both campaigns are linked to the North Korean state-sponsored advanced persistent threat (APT38) known as the Lazarus Group.
The first campaign, called “Contagious Interview,” involves threat actors posing as employers — often with anonymous or vague identities — to entice software developers into installing malware during the interview process. This …

IoC
