Inside the Scam: North Korea's IT Worker Threat

Feb. 13, 2025, 9:45 a.m.

Description

North Korea has exploited remote work opportunities to infiltrate international companies with fraudulent IT workers, generating revenue and posing cybersecurity risks. The group PurpleBravo targets cryptocurrency firms using malware like BeaverTail and InvisibleFerret. At least seven suspected North Korean front companies in China were identified spoofing legitimate IT firms. The threat extends beyond financial fraud to cyber espionage and intellectual property theft. Organizations are advised to implement stringent identity verification, enhanced remote work security, and robust international intelligence-sharing to counter this expanding threat from North Korean IT operatives.

Date

  • Created: Feb. 13, 2025, 9:34 a.m.
  • Published: Feb. 13, 2025, 9:34 a.m.
  • Modified: Feb. 13, 2025, 9:45 a.m.

Indicators


Attack Patterns

Additional Information

  • Technology
  • Finance
  • Costa Rica
  • British Indian Ocean Territory
  • India
  • China
  • United Arab Emirates