| SYMBOL | COMMON_NAME | aka. SYNONYMS |
WageMole is a North Korean state-sponsored APT that employs social engineering and technology to secure remote job opportunities in Western countries, leveraging stolen personal data from the Contagious Interview campaign. Threat actors create fake identities, including passports and driver's licenses, and prepare study guides for interviews, often utilizing generative AI for well-structured responses. They target small to mid-sized businesses and utilize job platforms like Upwork and Indeed, while employing automation scripts for account creation. WageMole's activities include sharing code within their group and requesting payments through platforms like PayPal to conceal their identity.
| 2025-02-20
⋅
ESET Research
⋅
DeceptiveDevelopment targets freelance developers BeaverTail InvisibleFerret |
| 2025-02-13
⋅
Recorded Future
⋅
Inside the Scam: North Korea’s IT Worker Threat BeaverTail OtterCookie InvisibleFerret |
| 2025-02-07
⋅
⋅
SI-CERT
⋅
SI-CERT TZ016 / BeaverTail & InvisibleFerret BeaverTail InvisibleFerret |
| 2025-02-03
⋅
SentinelOne
⋅
macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed FlexibleFerret FriendlyFerret FrostyFerret |
| 2025-01-29
⋅
Socket
⋅
North Korean APT Lazarus Targets Developers with Malicious npm Package BeaverTail InvisibleFerret |
| 2025-01-29
⋅
SecurityScorecard
⋅
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign BeaverTail InvisibleFerret |
| 2024-12-24
⋅
⋅
NTT Security Holdings
⋅
Contagious Interview Uses New Malware Otter Cookie BeaverTail OtterCookie InvisibleFerret |
| 2024-11-14
⋅
Palo Alto
⋅
Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack BeaverTail InvisibleFerret WageMole |
| 2024-11-14
⋅
eSentire
⋅
Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2 BeaverTail InvisibleFerret |
| 2024-11-04
⋅
Israel National Cyber Directorate (INCD)
⋅
Deep Drive Analysis of the BeaverTail Infostealer BeaverTail |
| 2024-11-04
⋅
Zscaler
⋅
From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West BeaverTail InvisibleFerret WageMole |
| 2024-10-29
⋅
⋅
Macnica
⋅
Job Offer from the North: Contagious Interview for Software Developers BeaverTail InvisibleFerret |
| 2024-10-29
⋅
SecurityScorecard
⋅
The Job Offer That Wasn’t: How We Stopped an Espionage Plot BeaverTail InvisibleFerret |
| 2024-10-24
⋅
Datadog
⋅
Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview BeaverTail InvisibleFerret |
| 2024-10-09
⋅
Palo Alto
⋅
Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware BeaverTail Beavertail |
| 2024-09-10
⋅
Stacklok
⋅
Dependency hijacking: Dissecting North Korea’s new wave of DeFi-themed open source attacks targeting developers BeaverTail InvisibleFerret |
| 2024-09-04
⋅
Group-IB
⋅
APT Lazarus: Eager Crypto Beavers, Video calls and Games BeaverTail BeaverTail InvisibleFerret Beavertail |
| 2024-07-31
⋅
Securonix
⋅
Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering BeaverTail |
| 2024-07-15
⋅
Objective-See
⋅
This Meeting Should Have Been an Email: A DPRK stealer, dubbed BeaverTail, targets users via a trojanized meeting app BeaverTail BeaverTail InvisibleFerret |
| 2024-05-10
⋅
⋅
Qianxin Threat Intelligence Center
⋅
Recruitment trap for blockchain practitioners: Analysis of suspected Lazarus (APT-Q-1) stealing operations BeaverTail |
| 2024-03-24
⋅
Securonix
⋅
Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors BeaverTail |
| 2023-11-21
⋅
Palo Alto Networks Unit 42
⋅
Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors BeaverTail InvisibleFerret WageMole |