North Korean IT Worker Network Tied to BeaverTail Phishing Campaign

Nov. 18, 2024
North Korean IT Worker Network Tied to BeaverTail Phishing Campaign
  1. Home
  2. News
  3. North Korean IT Worker Network Tied to BeaverTail Phishing Campaign

Read more about North Korean fake IT workers:

  • US Government Warns Firms to Avoid Hiring North Korean IT Workers
  • North Korean Hackers Targeted Cybersecurity Firm KnowBe4 with Fake IT Worker
  • North Korea Escalates Fake IT Worker Schemes to Extort Employers

North Korean hackers have used the BeaverTail malware in phishing campaigns that target job seekers in the technology sector via fake recruiters, according to Palo Alto Networks.

Unit 42, Palo Alto’s research team, observed that a North Korean IT worker activity cluster tracked as CL-STA-0237 and likely operating from Laos, was involved in recent phishing attacks using BeaverTail-infected video conference apps.

Background on BeaverTail

The BeaverTail malware is distributed through files disguised as legitimate applications, such as MiroTalk and FreeConference, deceiving victims into installing the malicious software.

Details about BeaverTail were initially reported by Unit 42 in November 2023.

Twelve months ago, the malware was used as a part of a phishing campaign called ‘Contagious Interview ‘ involving a North Korean threat cluster tracked as CL-STA-240.

The campaign has since evolved, with new malware versions including a downloader compiled using the cross-platform Qt framework. This allows attackers to deploy malware on both macOS and Windows systems from a single source code.

Additionally, code updates have been made to the InvisibleFerret backdoor, which enables further control of infected devices.

Get the Job, Then Spread Malware

In a new report published on November 14, 2024, Unit 42 observed CL-STA-0237, another North Korean threat group, leveraging BeaverTail for a campaign that started as early as 2022.

First, CL-STA-0237 registered new internet domains associated with a July 2024 MiroTalk fake job campaign.

The group exploited information from a US-based IT services company and controlled multiple IT infrastructure and management accounts that belonged to the company.

A persona linked to the group listed the company as its employer, citing employment since 2019 in some of its fake resumes. It also managed email accounts that mimicked the company’s owner, using them to apply for other jobs.

Tags:

No tags.

JikGuard.com, a high-tech security service provider focusing on game protection and anti-cheat, is committed to helping game companies solve the problem of cheats and hacks, and providing deeply integrated encryption protection solutions for games.

Explore Features>>

Top

Top Mobile Game Security: Essential Solutions to Protect Your Game
Top Mobile Game Security: Essential Solutions to Protect Your Game
May 7, 2025
None
Mastering String Encryption: Protect Your Games from Hackers
May 7, 2025
None
JNI Protection in Games
May 7, 2025
None
Bungie's content cycling on Destiny 2 causes legal kerfuffle in plagiarism suit
May 6, 2025
None
NCSoft invests in TX-based studio founded by id, Naughty Dog alums
May 6, 2025

Tags

Featured BlogsTop StoriesLayoffsBlogsCultureFeaturesGenerative AIGDC 2024Horror GamesUnityUbisoftValveStaff BlogOmdia | Game Industry AnalysisGame Developer EssentialsState of the Game Industry ReportGame Developer's 2024 Wrap-Up: Top Games Devs and TrendsGame Developer CollectiveAudioDesignerSpotlight SeriesDeep Divesunity encryption[Company] UnityArtist[Company] Xbox[Company] PlayStationCooking GamesAnti-modifierGame SecurityRootRoot detectionAssetbundle encryptionGodotCareer adviceQ&A'sGameGuardianModifierAnti-RootSignature verificationUnity Hardeningab package encryptioniOS resource encryptionCECheat EngineAnti-CrackingGame Anti-HackingAnti-Hacking

Recent

Top Mobile Game Security: Essential Solutions to Protect Your Game
Top Mobile Game Security: Essential Solutions to Protect Your Game
May 7, 2025
None
Mastering String Encryption: Protect Your Games from Hackers
May 7, 2025
None
JNI Protection in Games
May 7, 2025
None
Bungie's content cycling on Destiny 2 causes legal kerfuffle in plagiarism suit
May 6, 2025
None
NCSoft invests in TX-based studio founded by id, Naughty Dog alums
May 6, 2025
None
Microsoft's Q3 report shows slight Xbox growth as fresh price hikes loom
May 2, 2025
None
GTA VI has been delayed until 2026 but now has an actual release date
May 2, 2025
None
Vox sells Polygon to Valnet in a blow to video game market
May 2, 2025
None
Compulsion Games boss: Generative AI usage 'is not mandated' at Xbox
May 2, 2025
None
'It was really wearing people down:' The funding challenges that followed 'runaway success' Another Crab's Treasure
May 1, 2025

Popular

None
Xbox is increasing hardware prices and bumping first-party titles to $80
May 1, 2025
None
Report: Russia aims to seize assets of former Wargaming subsidiary Lesta Studio
April 30, 2025
None
Report: EA lays off hundreds of workers after canceling games at Respawn Entertainment
April 30, 2025
None
'We are frustrated:' ZeniMax union workers continue to pressure Microsoft over contract negotiations
April 30, 2025
None
Unity Protection: Comprehensive Strategies for Securing Your Game
April 29, 2025
None
Game Anti-Repackaging: The Ultimate Protection for Developers and Publishers
April 29, 2025
None
Game SSL Pinning: A Vital Shield for Unreal Engine Cheat Protection
April 29, 2025
None
Roblox, Discord sued for 'facilitating the sexual exploitation' of a minor
April 29, 2025
None
Journey developer thatgamecompany to co-host game jam with $10,000 prize pool
April 28, 2025
None
Unreal Engine Protection: Ensuring Game Security and Preventing Cheating
April 27, 2025

Random

None
Microsoft's Q3 report shows slight Xbox growth as fresh price hikes loom
May 2, 2025
None
Report: Russia aims to seize assets of former Wargaming subsidiary Lesta Studio
April 30, 2025
None
Tenderfoot Tactics developer pulls title from Xbox to support pro-Palestine boycott
April 25, 2025
None
Report: Meta has laid off over 100 Reality Labs employees
April 25, 2025
None
GTA VI has been delayed until 2026 but now has an actual release date
May 2, 2025
None
Exploring Memory Protection in Gaming: Key Techniques and Solutions
April 27, 2025
None
Journey developer thatgamecompany to co-host game jam with $10,000 prize pool
April 28, 2025
None
IO Interactive co-founder launches new 'consensus'-driven studio
April 25, 2025
None
App Shield: The Ultimate Solution for Mobile Game Protection
April 24, 2025
None
Nintendo tells customers in Japan to expect Switch 2 hardware shortage at launch
April 23, 2025

Most Views

None
Game Code Obfuscation: Essential Techniques and Tools for Developers
April 24, 2025
None
Anti Decompile: The Ultimate Game Protection Strategy
April 24, 2025
None
App Shield: The Ultimate Solution for Mobile Game Protection
April 24, 2025
None
Top-Rated App Protect Solutions for Mobile Game Developers: Ensure Security and Fair Play
April 24, 2025
None
Discord names former Activision Blizzard and King exec as its new CEO
April 24, 2025
None
Huge donation will help The Strong preserve the history of defunct Saints Row developer Volition
April 24, 2025
None
The Big Con developer Mighty Yell confirms layoffs
April 24, 2025
None
Top Mobile App Security Solution: Protecting Your Applications in 2025
April 23, 2025
None
Steam users will soon be able to search for games based on accessibility features
April 23, 2025
None
Nintendo tells customers in Japan to expect Switch 2 hardware shortage at launch
April 23, 2025