North Korean Hackers Target Job Seekers With Phony Interviews

North Korean hackers continue to target software developers via social engineering attacks, according to researchers at Recorded Future.

A North Korean group tracked as “PurpleBravo” is using job-themed phishing schemes and ClickFix attacks to compromise developers working in the “AI, cryptocurrency, financial services, IT services, marketing, and software development verticals in Europe, South Asia, the Middle East, and Central America.”

Recorded Future notes, “PurpleBravo presents an overlooked threat to the IT software supply chain. Because many targets are in the IT services and staff-augmentation industries with large public customer bases, compromises can propagate downstream to their customers.

“This campaign poses an acute software supply-chain risk to organizations that outsource development, particularly in regions where PurpleBravo concentrates its fictitious recruitment efforts.”

The threat actor has been using fake LinkedIn profiles to pose as recruiters, attempting to trick job seekers into accessing malicious GitHub repos as part of phony coding interviews. The researchers note, “In several cases, it is likely that job-seeking candidates executed malicious code on corporate devices, creating organizational exposure beyond the individual target.”

Recorded Future concludes, “[A]lthough cryptocurrency theft may be the group’s primary focus, many of the compromised organizations operate in other areas, namely software development and IT services. This presents an acute supply-chain risk to organizations that rely on individual contractors or outsource their IT services work.

“While the North Korean IT worker employment threat has been widely publicized, the PurpleBravo supply-chain risk deserves equal attention so organizations can prepare, defend, and prevent sensitive data leakage to North Korean threat actors.”

AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

Recorded Future has the story.

The world's largest library of security awareness training content is now just a click away!

In your fight against phishing and social engineering you can now deploy the best-in-class simulated phishing platform combined with the world's largest library of security awareness training content; including 1000+ interactive modules, videos, games, posters and newsletters.

You can now get access to our new ModStore Preview Portal to see our full library of security awareness content; you can browse, search by title, category, language or content topics.

The ModStore Preview includes: