North Korean IT Worker Network Tied to BeaverTail Phishing Campaign
X Cyber Group (XCyber)
Unit 42, Palo Alto’s research team, observed that a North Korean IT worker activity cluster, tracked as CL-STA-0237 and likely operating from Laos, was involved in recent phishing attacks using BeaverTail-infected video conference apps.
Over the past 12 months, the campaign has evolved, with new malware versions including a downloader compiled using the cross-platform Qt framework. This allows attackers to deploy malware on both macOS and Windows systems from a single code base. Additionally, code updates have been made to the InvisibleFerret backdoor, which enables further control of infected devices.