lazarusholic

Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview

2024-10-24, Datadog
https://securitylabs.datadoghq.com/articles/tenacious-pungsan-dprk-threat-actor-contagious-interview/
#BeaverTail #ContagiousInterview #TenaciousPungsan

Key points and observations
- In September 2024, Datadog Security Research discovered three malicious npm packages: passports-js, bcrypts-js, and blockscan-api.
- These packages had a combined 323 downloads and contained samples of BeaverTail malware, a family of JavaScript infostealers and downloaders used by threat actors associated with Democratic People's Republic of Korea (DPRK, also referred to as North Korea).
- Reporting from Palo Alto Networks Unit 42 has associated BeaverTail with an ongoing campaign named Contagious Interview, which targets job-seekers in the US tech industry. Victims are encouraged to participate in a fictitious job interview, during which the BeaverTail malware is delivered as part of an interview task.
- Datadog Security Research has linked the samples presented in this blog to Contagious Interview and attributes them to a single threat actor which we designate "Tenacious Pungsan." (We align nation-state threat actor clusters with their national breeds, and the Pungsan is a dog native to North Korea.)

Background
In …

IoC

[email protected]
95.164.17.24
[email protected]