Express
North Korean Hackers Target Over 3100 IP Addresses of AI, Crypto, and Financial Companies with False Job Interview Attacks
Summary: According to market reports, security company Recorded Future's latest research shows that North Korean-affiliated hacker group PurpleBravo has launched cyber espionage activities against over 3100 IP addresses of artificial intelligence, cryptocurrency, and financial services companies through false recruitment interviews. The organization disguises itself as recruiters or developers, luring targets to execute malicious code under the ...
According to market reports, security company Recorded Future's latest research shows that North Korean-affiliated hacker group PurpleBravo has launched cyber espionage activities against over 3100 IP addresses of artificial intelligence, cryptocurrency, and financial services companies through false recruitment interviews.
The organization disguises itself as recruiters or developers, luring targets to execute malicious code under the guise of technical interviews. Attackers claim to be from crypto or tech companies, requesting job seekers to review code, clone repositories, or complete programming tasks. Security researchers have identified 20 victim organizations from regions such as South Asia and North America. The group uses multiple aliases and disguises itself with a false identity from Odessa, Ukraine. The attacks involve remote access trojans such as PylangGhost and GolangGhost, capable of automatically stealing browser credentials and cookies.
The hackers also host their malicious software servers through malicious GitHub repositories, Astrill VPN, and 17 service providers. Additionally, investigations found related Telegram channels selling LinkedIn and Upwork accounts, with attackers interacting with the cryptocurrency trading platform MEXC Exchange.
Tags:
Link: North Korean Hackers Target Over 3100 IP Addresses of AI, Crypto, and Financial Companies with False Job Interview Attacks [Copy]
