216.73.216.78

Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors

· Published 29/04/2024 18:38 · Modified 01/05/2024 23:06

Export JSON

Essential information

Published
29/04/2024 18:38
Modified
01/05/2024 23:06
Tags
dev#popper developers python python-based rat rat social engineering
Related entities
7 observables, 1 intrusion sets (apt), 9 techniques (mitre), 1 malware

Description

This report delves into an ongoing attack campaign, codenamed , likely orchestrated by North Korean threat actors, targeting software through fake job interviews. The attackers trick the into downloading and executing malicious disguised as benign software. The report meticulously dissects the attack chain, uncovering its stages, from a malicious NPM package to command execution, payload download, and the 's capabilities, including system information gathering, remote command execution, data exfiltration, and keystroke logging.

External references