| SYMBOL | COMMON_NAME | aka. SYNONYMS |
WageMole is a North Korean state-sponsored APT that employs social engineering and technology to secure remote job opportunities in Western countries, leveraging stolen personal data from the Contagious Interview campaign. Threat actors create fake identities, including passports and driver's licenses, and prepare study guides for interviews, often utilizing generative AI for well-structured responses. They target small to mid-sized businesses and utilize job platforms like Upwork and Indeed, while employing automation scripts for account creation. WageMole's activities include sharing code within their group and requesting payments through platforms like PayPal to conceal their identity.
| 2025-01-29
⋅
Socket
⋅
North Korean APT Lazarus Targets Developers with Malicious npm Package BeaverTail InvisibleFerret |
| 2024-12-24
⋅
⋅
NTT Security Holdings
⋅
Contagious Interview Uses New Malware Otter Cookie BeaverTail OtterCookie InvisibleFerret |
| 2024-11-14
⋅
eSentire
⋅
Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2 BeaverTail InvisibleFerret |
| 2024-11-14
⋅
Palo Alto
⋅
Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack BeaverTail InvisibleFerret WageMole |
| 2024-11-04
⋅
Israel National Cyber Directorate (INCD)
⋅
Deep Drive Analysis of the BeaverTail Infostealer BeaverTail |
| 2024-11-04
⋅
Zscaler
⋅
From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West BeaverTail InvisibleFerret WageMole |
| 2024-10-29
⋅
SecurityScorecard
⋅
The Job Offer That Wasn’t: How We Stopped an Espionage Plot BeaverTail InvisibleFerret |
| 2024-10-29
⋅
⋅
Macnica
⋅
Job Offer from the North: Contagious Interview for Software Developers BeaverTail InvisibleFerret |
| 2024-10-24
⋅
Datadog
⋅
Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview BeaverTail InvisibleFerret |
| 2024-10-09
⋅
Palo Alto
⋅
Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware BeaverTail Beavertail |
| 2024-09-10
⋅
Stacklok
⋅
Dependency hijacking: Dissecting North Korea’s new wave of DeFi-themed open source attacks targeting developers BeaverTail InvisibleFerret |
| 2024-09-04
⋅
Group-IB
⋅
APT Lazarus: Eager Crypto Beavers, Video calls and Games BeaverTail BeaverTail InvisibleFerret Beavertail |
| 2024-07-31
⋅
Securonix
⋅
Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering BeaverTail |
| 2024-07-15
⋅
Objective-See
⋅
This Meeting Should Have Been an Email: A DPRK stealer, dubbed BeaverTail, targets users via a trojanized meeting app BeaverTail BeaverTail InvisibleFerret |
| 2024-05-10
⋅
⋅
Qianxin Threat Intelligence Center
⋅
Recruitment trap for blockchain practitioners: Analysis of suspected Lazarus (APT-Q-1) stealing operations BeaverTail |
| 2024-03-24
⋅
Securonix
⋅
Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors BeaverTail |
| 2023-11-21
⋅
Palo Alto Networks Unit 42
⋅
Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors BeaverTail InvisibleFerret WageMole |