This article discusses the Contagious Interview campaign linked to North Korean threat actor PurpleBravo, which has targeted over 3,000 IP addresses across multiple sectors in various regions. It highlights the use of malicious code, fake job offers, and sophisticated infrastructure to conduct cyber espionage and financial theft, emphasizing the vulnerabilities in the IT supply chain. #PurpleBravo #ContagiousInterview
Keypoints
- The Contagious Interview campaign has targeted 3,136 IP addresses affiliated with organizations worldwide from August 2024 to September 2025.
- North Korean threat actor PurpleBravo employs malicious Visual Studio Code projects and fake LinkedIn personas to spread malware like BeaverTail and GolangGhost.
- The campaign exploits trusted developer workflows and job-seeking candidatesβ devices to access corporate networks and data.
- Command-and-control servers are hosted across multiple providers and operated via Astrill VPN in China, linking infrastructure to North Korean activity.
- The threat underscores the vulnerability of the IT supply chain, with fraudulent job offers risking sensitive data leakage and organizational exposure.
Read More: https://thehackernews.com/2026/01/north-korean-purplebravo-campaign.html