lazarusholic

North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms

2025-09-04, SentinelOne
https://www.sentinelone.com/labs/contagious-interview-threat-actors-scout-cyber-intel-platforms-reveal-plans-and-ops/
#ClickFix #ContagiousInterview

Contents

Executive Summary
- North Korea-aligned threat actors actively monitor cyber threat intelligence to detect infrastructure exposure and scout for new assets. This analysis focuses on the abuse of cyber intelligence platforms by the actors behind the Contagious Interview campaign cluster employing the ClickFix social engineering technique.
- They operate in coordinated teams with real-time collaboration, likely using Slack and multiple intelligence sources such as Validin, VirusTotal, and Maltrail.
- Although aware their infrastructure is detectable, they make only limited changes to reduce detection and disruption risk, while rapidly deploying new infrastructure in response to service provider takedowns.
- This indicates a strategic focus on continuously replacing disrupted infrastructure with new assets to sustain operations and high victim engagement.
- Factors such as decentralized command and competitive internal incentives may limit the threat actors’ ability to consistently protect existing infrastructure at scale.
- SentinelLABS’ analysis suggests that the threat actors are effective at engaging targets; there were …

IoC
