
Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview

Oct. 25, 2024, 3:52 p.m.

Description

Datadog Security Research discovered three malicious npm packages: passports-js, bcrypts-js, and blockscan-api, containing BeaverTail malware associated with North Korean threat actors. The packages, downloaded 323 times, targeted job-seekers in the US tech industry through a campaign named Contagious Interview. The malware, obfuscated using common techniques, steals cryptocurrency wallet and credit card information from browser caches and login keychains on Unix and Windows systems. The attackers used namesquatting to mimic legitimate packages and exploited the open source software supply chain. Two different campaign IDs were identified, suggesting potentially new efforts to target Node.js developers. The activity was linked to the Contagious Interview campaign through shared infrastructure and tactics.

Date

Published: Oct. 25, 2024, 1:53 p.m.

Created: Oct. 25, 2024, 1:53 p.m.

Modified: Oct. 25, 2024, 3:52 p.m.

Indicators

95.164.17.24

Attack Patterns

BeaverTail

InvisibleFerret

Tenacious Pungsan

T1102.001

T1588.001

T1552.001

T1074

T1571

T1059.007

T1087

T1056.001

T1555

T1005

T1105

T1083

T1140

T1027

T1041

Additional Information

Technology

United States of America