Rewards Hub North Korean hacking group PurpleBravo has launched a cyber espionage campaign targeting over 3,100 IP addresses linked to AI, cryptocurrency, and finance companies, according to a study by Recorded Future. The group used fake job interviews to infiltrate organizations, posing as recruiters or developers to trick targets into executing malicious code. Victims span 20 organizations across South Asia, North America, and other regions.
The attackers employed remote access trojans like PylangGhost and GolangGhost to steal browser credentials and cookies. They disguised their operations using a fake Odessa, Ukraine identity and hosted malware through a GitHub repository and various service providers. The investigation also uncovered related Telegram channels selling LinkedIn and Upwork accounts, with interactions noted with the cryptocurrency exchange MEXC Exchange.
North Korean Hackers Target 3,100 IPs with Fake Job Interviews
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.