North Korean Hackers Target AI and Crypto Companies Through Fake Interviews, Affecting Over 3,100 IP Addresses
Odaily News: The North Korean hacker group PurpleBravo has launched a large-scale fake recruitment campaign, targeting over 3,100 IP addresses associated with AI, cryptocurrency, and financial services companies. Posing as recruiters or developers on platforms like LinkedIn, the attackers lured job seekers into performing technical interview tasks on corporate devices, such as reviewing code or cloning malicious Git repositories. This allowed the attackers to deploy the PylangGhost and GolangGhost remote access trojans to steal browser credentials.
This operation has already victimized 20 organizations across South Asia, North America, and Europe. Research indicates that the hacker group used forged Ukrainian identities for cover and weaponized Microsoft Visual Studio Code to implant backdoors. Current monitoring shows the group is using Astrill VPN and C2 servers located in China to conceal its tracks, with related activities overlapping with the Contagious Interview cluster.
