In November, the Lazarus group, North Korea’s major cyberespionage and sabotage arm, compromised a Taiwanese multimedia software company called CyberLink and trojanized the installer for one of its commercial applications. In February, Japan’s CERT reported that Lazarus uploaded malicious Python packages to PyPI, the official Python package repository.
One of the risks of campaigns like DEV#POPPER is that some victims who fall for the fake job interview lure are current employees looking for better opportunities. As such, they likely have credentials and information about projects as part of their current jobs, highlighting the importance of treating developer machines as critical assets with strict access control and monitoring.
“Primarily based on the gathered telemetry, no particular pattern in victimology was recognized,” the Securonix researchers wrote in their new report. “Nonetheless, evaluation of the collected samples revealed victims are primarily scattered throughout South Korea, North America, Europe, and the Middle East, indicating that the influence of the assault is widespread.”