North Korean threat actors are now using JSON storage services to host malicious payloads and target software developers through professional networking platforms. This campaign involves sophisticated tactics like obfuscated code and multiple payloads such as BeaverTail and TsunamiKit. #NorthKorea #ContagiousInterview
Key points
- North Korean hackers are utilizing JSON storage services like JSON Keeper, JSONsilo, and npoint.io to distribute malware.
- The campaign involves deception via professional networking sites such as LinkedIn, promoting fake collaboration or job assessments.
- Malicious code in shared projects contains Base64-encoded URLs pointing to JSON storage services hosting the payloads.
- The malware includes BeaverTail for data harvesting and the InvisibleFerret backdoor, along with additional payloads like TsunamiKit.
- The actors aim to stealthily exfiltrate sensitive data, using legitimate websites and repositories to blend in with normal traffic.
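
A defender-side check for the pattern described in the key points, as an added example that is not from the original report: it scans source text for Base64 strings that decode to URLs on JSON storage hosts. The hostnames used for JSON Keeper and JSONsilo, the 24-character threshold and the sample file contents are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Hostnames assumed for the services named above; only npoint.io appears as a domain on the page.
JSON_STORAGE_HOSTS = ("jsonkeeper.com", "jsonsilo.com", "npoint.io")
# A Base64 run long enough to hold a URL; the 24-character floor is a tunable assumption.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
URL = re.compile(r"https?://([A-Za-z0-9.-]+)(?:/[^\s'\"]*)?")


def decode_b64(token):
    """Return the UTF-8 text a Base64 token decodes to, or None if it is not valid Base64 text."""
    stripped = token.rstrip("=")
    padded = stripped + "=" * (-len(stripped) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):  # UnicodeDecodeError is a ValueError
        return None


def is_json_storage_host(host):
    """Match the service domain or a subdomain, not a lookalike such as npoint.io.example."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in JSON_STORAGE_HOSTS)


def scan_source(text):
    """Return (line_number, decoded_url) for each Base64 string hiding a JSON-storage URL."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for token in B64_RUN.findall(line):
            decoded = decode_b64(token)
            if decoded is None:
                continue
            for match in URL.finditer(decoded):
                if is_json_storage_host(match.group(1)):
                    findings.append((line_no, match.group(0)))
    return findings


def _b64(s):
    return base64.b64encode(s.encode()).decode()


# Constructed sample: a project file with one encoded JSON-storage URL and one benign encoded URL.
SAMPLE = "\n".join([
    'const cfgKey = "%s";' % _b64("https://api.npoint.io/0000placeholder0000"),
    'const logo = "%s";' % _b64("https://example.org/static/logo-large.png"),
    'const note = "plain string, nothing encoded";',
])
```

A hit is a reason to review the file, not proof of compromise, since legitimate projects also use these services; the signal here is the URL being hidden behind Base64.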
Read More: https://thehackernews.com/2025/11/north-korean-hackers-turn-json-services.html