North Korean hackers continue to target software developers via social engineering attacks, according to researchers at Recorded Future.
A North Korean group tracked as “PurpleBravo” is using job-themed phishing schemes and ClickFix attacks to compromise developers working in the “AI, cryptocurrency, financial services, IT services, marketing, and software development verticals in Europe, South Asia, the Middle East, and Central America.”
Recorded Future notes, “PurpleBravo presents an overlooked threat to the IT software supply chain. Because many targets are in the IT services and staff-augmentation industries with large public customer bases, compromises can propagate downstream to their customers.
“This campaign poses an acute software supply-chain risk to organizations that outsource development, particularly in regions where PurpleBravo concentrates its fictitious recruitment efforts.”
The threat actor has been using fake LinkedIn profiles to pose as recruiters, attempting to trick job seekers into accessing malicious GitHub repos as part of phony coding interviews. The researchers note, “In several cases, it is likely that job-seeking candidates executed malicious code on corporate devices, creating organizational exposure beyond the individual target.”
Recorded Future concludes, “[A]lthough cryptocurrency theft may be the group’s primary focus, many of the compromised organizations operate in other areas, namely software development and IT services. This presents an acute supply-chain risk to organizations that rely on individual contractors or outsource their IT services work.
“While the North Korean IT worker employment threat has been widely publicized, the PurpleBravo supply-chain risk deserves equal attention so organizations can prepare, defend, and prevent sensitive data leakage to North Korean threat actors.”
Recorded Future has the story.
