Analysis of PyLangGhost RAT, a Python-based malware from Lazarus subgroup Famous Chollima targeting finance and tech sectors through fake job interviews, stealing credentials and cryptocurrency wallets.
Malware AnalysisAnalysis of PyLangGhost RAT, a Python-based malware from Lazarus subgroup Famous Chollima targeting finance and tech sectors through fake job interviews, stealing credentials and cryptocurrency wallets.
DPRK AnalysisComprehensive investigation into suspicious GitHub activity revealing coordinated campaigns by DPRK-affiliated actors using fake identities and the #OpenToWork hashtag to infiltrate organizations.
Fraud AlertInvestigation into fraudulent recruiter accounts on GitHub and LinkedIn used by threat actors to target developers and infiltrate organizations through fake job opportunities.
DPRK AnalysisComprehensive recap of findings regarding suspicious Lazarus Group activity on GitHub, analyzing patterns in fake developer profiles, achievement badges, and coordinated campaigns targeting the developer community.
DPRK AnalysisIn-depth analysis of GitHub account activity associated with Lazarus Group, examining commit history manipulation, identity obfuscation techniques, and patterns used by DPRK IT workers to maintain cover identities.
DPRK AnalysisDetailed investigation into suspicious GitHub activity patterns associated with Lazarus Group and DPRK IT workers, revealing coordinated efforts to establish fake developer identities and infiltrate software development communities.
DPRK IntelligenceDPRK IT workers evolve from job seekers to recruiters, orchestrating systematic identity harvesting campaigns on Upwork and Freelancer platforms through scripted collaboration requests and remote access tools.