⚠️ Region Alert: UAE/Middle East
North Korean threat cluster PurpleBravo, also known as DeceptiveDevelopment or UNC5342, has expanded its "Contagious Interview" campaign to target over 3,100 IP addresses and 20 organizations globally. The activity spans critical sectors including artificial intelligence, cryptocurrency, and financial services across regions like the Middle East (specifically the UAE), Europe, and South Asia. Attackers utilize sophisticated social engineering on LinkedIn, posing as recruiters to lure candidates into performing malicious coding assessments.
Technically, the campaign leverages malicious GitHub repositories and Visual Studio Code projects to distribute the BeaverTail JavaScript infostealer and the GolangGhost backdoor. A significant risk highlighted by researchers is the tendency for job seekers to execute these malicious tasks on corporate-issued devices, inadvertently facilitating enterprise-level supply chain compromises. This tactic underscores the evolving threat to developer workflows and the convergence of cyber espionage with financial theft objectives.
Top comments (0)