| SYMBOL | COMMON_NAME | aka. SYNONYMS |
WageMole is a North Korean state-sponsored APT that employs social engineering and technology to secure remote job opportunities in Western countries, leveraging stolen personal data from the Contagious Interview campaign. Threat actors create fake identities, including passports and driver's licenses, and prepare study guides for interviews, often utilizing generative AI for well-structured responses. They target small to mid-sized businesses and utilize job platforms like Upwork and Indeed, while employing automation scripts for account creation. WageMole's activities include sharing code within their group and requesting payments through platforms like PayPal to conceal their identity.
| 2025-04-24
⋅
Silent Push
⋅
Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware: BeaverTail, InvisibleFerret, and OtterCookie BeaverTail OtterCookie FrostyFerret GolangGhost InvisibleFerret GolangGhost |
| 2025-04-23
⋅
Trend Micro
⋅
Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations BeaverTail FrostyFerret GolangGhost InvisibleFerret GolangGhost |
| 2025-04-11
⋅
Bitso Quetzal Team
⋅
Interview with the Chollima BeaverTail OtterCookie InvisibleFerret |
| 2025-04-04
⋅
Socket
⋅
Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BeaverTail InvisibleFerret |
| 2025-04-02
⋅
ASEC
⋅
BeaverTail and Tropidoor Malware Distributed via Recruitment Emails BeaverTail |
| 2025-03-31
⋅
Sekoia
⋅
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic FrostyFerret GolangGhost GolangGhost |
| 2025-02-20
⋅
ESET Research
⋅
DeceptiveDevelopment targets freelance developers BeaverTail InvisibleFerret |
| 2025-02-13
⋅
Recorded Future
⋅
Inside the Scam: North Korea’s IT Worker Threat BeaverTail OtterCookie InvisibleFerret |
| 2025-02-07
⋅
⋅
SI-CERT
⋅
SI-CERT TZ016 / BeaverTail & InvisibleFerret BeaverTail InvisibleFerret |
| 2025-02-03
⋅
SentinelOne
⋅
macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed FlexibleFerret FriendlyFerret FrostyFerret |
| 2025-01-29
⋅
Socket
⋅
North Korean APT Lazarus Targets Developers with Malicious npm Package BeaverTail InvisibleFerret |
| 2025-01-29
⋅
SecurityScorecard
⋅
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign BeaverTail InvisibleFerret |
| 2024-12-24
⋅
⋅
NTT Security Holdings
⋅
Contagious Interview Uses New Malware Otter Cookie BeaverTail OtterCookie InvisibleFerret |
| 2024-11-14
⋅
Palo Alto
⋅
Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack BeaverTail InvisibleFerret WageMole |
| 2024-11-14
⋅
eSentire
⋅
Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2 BeaverTail InvisibleFerret |
| 2024-11-04
⋅
Zscaler
⋅
From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West BeaverTail InvisibleFerret WageMole |
| 2024-11-04
⋅
Israel National Cyber Directorate (INCD)
⋅
Deep Drive Analysis of the BeaverTail Infostealer BeaverTail |
| 2024-10-29
⋅
⋅
Macnica
⋅
Job Offer from the North: Contagious Interview for Software Developers BeaverTail InvisibleFerret |
| 2024-10-29
⋅
SecurityScorecard
⋅
The Job Offer That Wasn’t: How We Stopped an Espionage Plot BeaverTail InvisibleFerret |
| 2024-10-24
⋅
Datadog
⋅
Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview BeaverTail InvisibleFerret |
| 2024-10-17
⋅
Github (ssrdio)
⋅
Analysis of BeaverTail & InvisibleFerret activity BeaverTail InvisibleFerret |
| 2024-10-09
⋅
Palo Alto
⋅
Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware BeaverTail Beavertail |
| 2024-09-10
⋅
Stacklok
⋅
Dependency hijacking: Dissecting North Korea’s new wave of DeFi-themed open source attacks targeting developers BeaverTail InvisibleFerret |
| 2024-09-04
⋅
Group-IB
⋅
APT Lazarus: Eager Crypto Beavers, Video calls and Games BeaverTail BeaverTail InvisibleFerret Beavertail |
| 2024-07-31
⋅
Securonix
⋅
Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering BeaverTail |
| 2024-07-15
⋅
Objective-See
⋅
This Meeting Should Have Been an Email: A DPRK stealer, dubbed BeaverTail, targets users via a trojanized meeting app BeaverTail BeaverTail InvisibleFerret |
| 2024-05-10
⋅
⋅
Qianxin Threat Intelligence Center
⋅
Recruitment trap for blockchain practitioners: Analysis of suspected Lazarus (APT-Q-1) stealing operations BeaverTail |
| 2024-03-24
⋅
Securonix
⋅
Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors BeaverTail |
| 2023-11-21
⋅
Palo Alto Networks Unit 42
⋅
Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors BeaverTail InvisibleFerret WageMole |