Contact

Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack

NetmanageIT OpenCTI - opencti.netmanageit.com

Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack



SUMMARY :

Unit 42 researchers identified a North Korean IT worker activity cluster, CL-STA-0237, involved in phishing attacks using malware-infected video conference apps. The cluster likely operates from Laos and exploited a U.S.-based SMB IT services company to apply for other jobs, securing a position at a major tech company in 2022. This cluster is part of a broader network of North Korean IT workers supporting illicit activities. The article highlights the shift from stable income-seeking to aggressive malware campaigns and illustrates the global reach of these workers. Organizations are advised to strengthen hiring processes, implement robust monitoring, evaluate outsourced services, and ensure employees don't use corporate machines for personal activities.

OPENCTI LABELS :

phishing,north korea,supply chain,beavertail,contagious interview,invisibleferret,wagemole,insider threat,fake it workers


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack