Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors
Essential information
- Published
- 29/04/2024 18:38
- Modified
- 01/05/2024 23:06
- Tags
- dev#popper developers python python-based rat rat social engineering
- Related entities
- 7 observables, 1 intrusion sets (apt), 9 techniques (mitre), 1 malware
Description
This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT disguised as benign software. The report meticulously dissects the attack chain, uncovering its stages, from a malicious NPM package to command execution, payload download, and the RAT's capabilities, including system information gathering, remote command execution, data exfiltration, and keystroke logging.