8legs: North korea, democratic people's republic of korea

#1 out of 1

JSON services hijacked by North Korean hackers to send out malware

North Korean Lazarus Group actors used JSON storage services to host malware in the Contagious Interview operation.
The attack chain began with fake LinkedIn profiles offering jobs to developers, guiding them to download a demo project.
BeaverTail and a Python backdoor named InvisibleFerret were dropped from a JSON storage service as part of the payload.
TsunamiKit is a multi-stage toolkit that can act as an infostealer or a cryptojacker to mine Monero.
Researchers note the attackers used legitimate services to blend in with normal traffic and stay hidden.
The Contagious Interview campaign targeted developers for data exfiltration and crypto wallet theft.
BeaverTail and TsunamiKit can blend into normal traffic by using hosted storage services and code repositories.
NVISIO researchers flagged the Contagious Interview techniques as part of ongoing investigations into the campaign.
The attackers used a fake LinkedIn outreach method to lure developers into downloading the malware demo projects.
The report emphasizes the use of Base64-encoded data pointing to JSON storage services as part of the malware delivery.

Vote 0