
From primitive crypto theft to sophisticated AI-based deception

Published 09/11/2025 04:31 · Modified 10/11/2025 12:05


Essential information

Tags
2025-09-25 2025-11-09 ai-based deception akdoortea beavertail cryptocurrency identity theft information theft invisibleferret it worker fraud job offers job scams malware multiplatform north korea ottercookie postnaptea remote access social engineering tropidoor tsunamikit weaselstore
Related entities
1 observables, 1 intrusion sets (apt), 9 techniques (mitre), 8 malware, 7 others

Description

The -aligned threat actor DeceptiveDevelopment employs tactics to target software developers, especially those in and Web3 projects. They use fake and trojanized code challenges to deliver like and . The group has evolved to include more sophisticated tools like and . There are connections between DeceptiveDevelopment and North Korean campaigns, with both groups collaborating and sharing information. The IT workers use AI-generated fake identities and employ proxy interviewers to secure remote jobs, posing risks to employers. This hybrid threat combines traditional fraud with cybercrime, blurring the lines between targeted APT activity and cybercrime.