"Inside North Korea's Global Cyber Playbook" published by @proofpoint. #ContagiousInterview, #ITWorker, #Podcast, #TA427, #DPRK, #CTI

🔥 Hot summer, sizzling crypto. and scammers turning up the heat 🔥. Back in March, Sekoia #TDR team published a deep-dive report on a #Lazarus cluster we dubbed #ClickFake Interview, leveraging the #ClickFix technique in their #ContagiousInterview campaign.

"These North Korean phishers just don't stop" published by @dazhengzhang. #ContagiousInterview, #DPRK, #CTI

"Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader" published by @SocketSecurity. #ContagiousInterview, #NPM, #XORIndex, #DPRK, #CTI

"Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages" published by @SocketSecurity. #BeaverTail, #ContagiousInterview, #HexEval, #NPM, #DPRK, #CTI

"WaterPlumが使用するマルウェアOtterCookieの機能追加" published by @NTTSH_JP. #OtterCookie, #WaterPlum, #ContagiousInterview, #DPRK, #CTI

"Additional Features of OtterCookie Malware Used by WaterPlum" published by @NTTSH_JP. #OtterCookie, #WaterPlum, #ContagiousInterview, #DPRK, #CTI

Now that the cat is out of the bag regarding the use of front companies like BlockNovas LLC (blocknovas[.]com) in DPRK-linked #ContagiousInterview campaigns. We thought we'd share our overview of network telemetry surrounding this particular activity.

"Cómo domar un Chollima" published by @BirminghamCyber. #ChaoticCapybara, #VelvetChollima, #macOS, #ContagiousInterview, #DPRK, #CTI

North Korean threat actors are using the #ContagiousInterview and #WageMole campaigns to secure remote jobs in the West, bypassing sanctions with stolen data. ThreatLabz researchers have identified obfuscation enhancements, new Windows & macOS package formats, and over 100

"Interview with the Chollima" published by @BirminghamCyber. #ContagiousInterview, #OtterCookie, #DPRK, #CTI

"Astrill VPN: Silent Push Publicly Releases New IPs on VPN Service Heavily Used by North Korean Threat Actors" published by Silentpush. #ContagiousInterview, #FamousChollima, #DPRK, #CTI

ブログで「WaterPlumが使用するマルウェアOtterCookieの機能追加」を公開しました。.OtterCookieを用いた攻撃は継続しており、2025年2月と4月にはアップデートも観測されました。.#DPRK #ContagiousInterview.

NTT Security Japan published a blog post "Additional Features of OtterCookie Malware Used by WaterPlum", translation of “.WaterPlumが使用するマルウェアOtterCookieの機能追加”. #DPRK #ContagiousInterview.

NTT Security Japan published a blog post "OtterCookie, new malware used in Contagious Interview campaign", translation of “Contagious Interviewが使用する新たなマルウェアOtterCookieについて”. #DPRK #ContagiousInterview #OtterCookie.

"Rolling in the Deep(Web): Lazarus Tsunami" published by @hisolutions. #ContagiousInterview, #Tsunami, #DPRK, #CTI

Done: Lazarus APT: Techniques for Hunting ContagiousInterview.Introduction of their tool using a Lazarus case.

北朝鮮の脅威アクターがサイバー攻撃、国内も要注意とNTT子会社が警告 #MynaviNews (Dec 28). #マルウェア #OtterCookie #ContagiousInterview #サイバー攻撃 #北朝鮮 .

"Analysis of LinkedIn Recruitment Phishing" published by @SlowMist_Team. #ContagiousInterview, #DPRK, #CTI

SOCにてOtterCookieマルウェアの新たな通信先を確認しております。プロキシサーバーでのフィルタリングやログ調査にご活用ください。. blastapi[.]org.95[.]164.38.33.78[.]46.65.194. #OtterCookie #ContagiousInterview.