Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview
Oct. 25, 2024, 3:52 p.m.
Description
Datadog Security Research discovered three malicious npm packages (passports-js, bcrypts-js, and blockscan-api) containing BeaverTail malware associated with North Korean threat actors. The packages, downloaded 323 times, targeted job-seekers in the US tech industry through a campaign named Contagious Interview. The malware, obfuscated using common techniques, steals cryptocurrency wallet and credit card information from browser caches and login keychains on Unix and Windows systems. The attackers used namesquatting to mimic legitimate packages and exploited the open source software supply chain. Two different campaign IDs were identified, suggesting potentially new efforts to target Node.js developers. The activity was linked to the Contagious Interview campaign through shared infrastructure and tactics.
Date
Published: Oct. 25, 2024, 1:53 p.m.
Created: Oct. 25, 2024, 1:53 p.m.
Modified: Oct. 25, 2024, 3:52 p.m.
Attack Patterns
BeaverTail
InvisibleFerret
Tenacious Pungsan
T1102.001
T1588.001
T1552.001
T1074
T1571
T1059.007
T1087
T1056.001
T1555
T1005
T1105
T1083
T1140
T1027
T1041
Additional Information
Technology
United States of America