Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Datadog Security Research discovered three malicious npm packages: passports-js, bcrypts-js, and blockscan-api, containing BeaverTail malware associated with North Korean threat actors. The packages, downloaded 323 times, targeted job-seekers in the US tech industry through a campaign named Contagious Interview. The malware, obfuscated using common techniques, steals cryptocurrency wallet and credit card information from browser caches and login keychains on Unix and Windows systems. The attackers used namesquatting to mimic legitimate packages and exploited the open source software supply chain. Two different campaign IDs were identified, suggesting potentially new efforts to target Node.js developers. The activity was linked to the Contagious Interview campaign through shared infrastructure and tactics.
OPENCTI LABELS :
infostealer,cryptocurrency,software supply chain,npm,dprk,beavertail,contagious interview,invisibleferret,namesquatting
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview