"Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader" published by Socket. #ContagiousInterview, #NPM, #XORIndex, #DPRK, #CTI https://socket.dev/blog/contagious-interview-campaign-escalates-67-malicious-npm-packages

"Inside North Korea's Global Cyber Playbook" published by Proofpoint. #ContagiousInterview, #ITWorker, #Podcast, #TA427, #DPRK, #CTI https://podcasts.apple.com/us/podcast/comic-sans-and-cybercrime-inside-north-koreas-global/id1612506550?i=1000715261677

"Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages" published by Socket. #BeaverTail, #ContagiousInterview, #HexEval, #NPM, #DPRK, #CTI https://socket.dev/blog/north-korean-contagious-interview-campaign-drops-35-new-malicious-npm-packages

"These North Korean phishers just don't stop" published by dazhengzhang. #ContagiousInterview, #DPRK, #CTI https://archive.is/LbK6h

"WaterPlumが使用するマルウェアOtterCookieの機能追加" published by NTTSecurity. #OtterCookie, #WaterPlum, #ContagiousInterview, #DPRK, #CTI https://jp.security.ntt/tech_blog/waterplum-ottercookie

"Additional Features of OtterCookie Malware Used by WaterPlum" published by NTTSecurity. #OtterCookie, #WaterPlum, #ContagiousInterview, #DPRK, #CTI https://jp.security.ntt/tech_blog/en-waterplum-ottercookie

"Now that the cat is out of the bag regarding the use of front companies like BlockNovas LLC" published by TeamCymru. #ContagiousInterview, #DPRK, #CTI https://archive.is/E2Hcp

"Rolling in the Deep(Web): Lazarus Tsunami" published by HISolutions. #ContagiousInterview, #Tsunami, #DPRK, #CTI https://research.hisolutions.com/2025/04/rolling-in-the-deepweb-lazarus-tsunami/

good thing the US is gutting beneficial ownership regulations that would make it easier to understand who actually owns US trusts and corporations while simultaneously trashing both crypto enforcement at the DOJ but also more generally cyber defense

"The companies, Blocknovas LLC and Softglide LLC, were set up in the states of #NewMexico and New York using fake personas and addresses."

* Reuters: https://www.reuters.com/sustainability/boards-policy-regulation/north-korean-cyber-spies-created-us-firms-dupe-crypto-developers-2025-04-24/
* Technical details from Silent Push: https://www.silentpush.com/blog/contagious-interview-front-companies/

#DPRK #NorthKorea #hackers #crypto #cybersecurity #infosec #uspol #Nypol #newyork #uspolitics #contagiousInterview #Github #lazarusGroup

"Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware" published by Silentpush. #BeaverTail, #ContagiousInterview, #InvisibleFerret, #OtterCookie, #FamousChollima, #ClickFix, #DPRK, #CTI https://www.silentpush.com/blog/contagious-interview-front-companies/

"Interview with the Chollima" published by BirminghamCyber. #ContagiousInterview, #OtterCookie, #DPRK, #CTI https://quetzal.bitso.com/p/interview-with-the-chollima

"Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads" published by Socket. #BeaverTail, #ContagiousInterview, #Lazarus, #NPM, #DPRK, #CTI https://socket.dev/blog/lazarus-expands-malicious-npm-campaign-11-new-packages-add-malware-loaders-and-bitbucket

"From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic" published by SEKOIA. #ClickFix, #ContagiousInterview, #GolangGhost, #Lazarus, #FrostyFerret, #DPRK, #CTI https://blog.sekoia.io/clickfake-interview-campaign-by-lazarus/

"Cómo domar un Chollima" published by BirminghamCyber. #ChaoticCapybara, #VelvetChollima, #macOS, #ContagiousInterview, #DPRK, #CTI https://news.mefiltraron.com/p/edicion-especial-como-domar-un-chollima

"Analysis of LinkedIn Recruitment Phishing" published by Slowmist. #ContagiousInterview, #DPRK, #CTI https://slowmist.medium.com/slowmist-analysis-of-linkedin-recruitment-phishing-4b4b55e02bf4

"I just got a scam attempt by a Linkedin "recruiter"" published by Bruno. #ContagiousInterview, #DPRK, #CTI https://archive.md/yJ5iY

"Another day another North Korean scammer" published by dazhengzhang. #ContagiousInterview, #DPRK, #CTI https://archive.is/WxtB0

"Astrill VPN: Silent Push Publicly Releases New IPs on VPN Service Heavily Used by North Korean Threat Actors" published by Silentpush. #ContagiousInterview, #FamousChollima, #DPRK, #CTI https://www.silentpush.com/blog/astrill-vpn/

"RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector" published by PaloaltoNetworks. #ContagiousInterview, #Koi, #RustDoor, #macOS, #AlluringPisces, #DPRK, #CTI https://unit42.paloaltonetworks.com/macos-malware-targets-crypto-sector/

"DPRK DriverEasy & ChromeUpdate Deep Dive" published by Kandji. #ContagiousInterview, #DriverEasy, #DPRK, #CTI https://www.kandji.io/blog/drivereasy