{
  "name": "Inside DPRK's Fake Job Platform Targeting U.S. AI Talent",
  "slug": "inside-dprks-fake-job-platform-targeting-us-ai-talent",
  "description": "This analysis details a sophisticated DPRK-linked operation called Contagious Interview, which uses a fake job platform to target U.S. AI talent. The campaign mimics legitimate recruitment processes, offering job listings from well-known tech companies to lure victims. The platform, hosted at lenvny[.]com, is designed to appear as a legitimate AI-powered interview tool. It employs various techniques to establish credibility, including professional design, fake testimonials, and comparisons with real companies. The attack culminates in a malware delivery through a clipboard hijacking technique, triggered when victims attempt to record a video introduction. This operation specifically targets high-value professionals in AI and cryptocurrency sectors, aiming to gain access to strategic information and financial assets.",
  "published": "2025-11-26T09:07:38+00:00",
  "created_at": "2025-11-26T09:07:38+00:00",
  "modified_at": "2025-12-21T17:05:56+00:00",
  "created_at_opencti": "2025-11-26T09:07:38+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-11-26",
    "ai talent",
    "clickfix",
    "clipboard hijacking",
    "contagious interview",
    "cryptocurrency",
    "fake job platform",
    "malware delivery",
    "social engineering"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "69.62.86.78"
      },
      {
        "id": "",
        "name": "72.61.9.45"
      }
    ],
    "malware": [
      {
        "id": "2d2c305e-d8f7-4cb6-8195-6cce5631c6c9",
        "name": "ClickFix",
        "slug": "clickfix"
      }
    ],
    "intrusion_sets": [
      {
        "id": "f192d037-a510-4097-8215-d44df9688d9f",
        "name": "DPRK",
        "slug": "dprk"
      }
    ],
    "attack_patterns": [
      {
        "id": "7d7ac733-6442-416f-8669-c302dd0843b9",
        "name": "T1036"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "5575e4ab-4900-402d-ae65-0469fc55a179",
        "name": "T1547.009"
      },
      {
        "id": "32b33067-6566-4b8d-be80-e96f765d84de",
        "name": "T1059.001"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "8863cc85-f2b7-4e3c-b48f-fbfbd5ecf50d",
        "name": "T1546.001"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "9e784d22-5a6c-4da6-968a-5fab2f019efd",
        "name": "T1059.005"
      },
      {
        "id": "5999052b-e9ae-49e8-9235-d9bf975c22af",
        "name": "T1547.001"
      },
      {
        "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d",
        "name": "T1102"
      },
      {
        "id": "c22b5073-f426-4294-98bb-219d17345158",
        "name": "T1553.002"
      },
      {
        "id": "14660ccf-ca6b-42f6-8bca-e1b7a04650b3",
        "name": "T1573.001"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "United States of America"
      },
      {
        "id": "",
        "name": "Finance"
      },
      {
        "id": "",
        "name": "Technologies"
      },
      {
        "id": "",
        "name": "carrerlilla.com"
      },
      {
        "id": "",
        "name": "advisorflux.com"
      },
      {
        "id": "",
        "name": "assureeval.com"
      },
      {
        "id": "",
        "name": "lenvny.com"
      }
    ]
  },
  "external_refs": [
    "https://www.validin.com/blog/inside_dprk_fake_job_platform/",
    "https://otx.alienvault.com/pulse/6926d16a60c2447d2c490745"
  ]
}