216.73.216.86

PurpleBravo’s Targeting of the IT Software Supply Chain

· Published 21/01/2026 22:26 · Modified 21/01/2026 23:19

Export JSON

Essential information

Published
21/01/2026 22:26
Modified
21/01/2026 23:19
Tags
2026-01-21 astrill vpn beavertail browser credential theft cryptocurrency github golangghost invisibleferret it services north korea pylangghost remote access trojan social engineering software supply chain
Related entities
187 observables, 1 intrusion sets (apt), 20 techniques (mitre), 18 others

Description

PurpleBravo, a North Korean state-sponsored threat group, targets software developers through fake recruitment efforts, particularly in and software development sectors. Their toolkit includes , , and , designed for stealing browser credentials and information. The group has affected 3,136 IP addresses, mainly in South Asia and North America, compromising 20 organizations across various industries. PurpleBravo's tactics include using fictitious personas, malicious repositories, and sophisticated malware to infiltrate companies, posing a significant supply-chain risk. The group shows overlap with PurpleDelta, another North Korean threat actor, sharing infrastructure and operational patterns. PurpleBravo's focus on the IT sector in South Asia presents an overlooked threat to organizations outsourcing .

External references