AnonymousMedia.org

Category: Uncategorized

  • North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews

    North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews


    As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America.

    The new findings come from Recorded Future’s Insikt Group, which is tracking the North Korean threat activity cluster under the moniker PurpleBravo. First documented in late 2023, the campaign is also known as CL-STA-0240, DeceptiveDevelopment, DEV#POPPER, Famous Chollima, Gwisin Gang, Tenacious Pungsan, UNC5342, Void Dokkaebi, and WaterPlum.

    The 3,136 individual IP addresses, primarily concentrated around South Asia and North America, are assessed to have been targeted by the adversary from August 2024 to September 2025. The 20 victim companies are said to be based in Belgium, Bulgaria, Costa Rica, India, Italy, the Netherlands, Pakistan, Romania, the United Arab Emirates (U.A.E.), and Vietnam.

    Cybersecurity

    “In several cases, it is likely that job-seeking candidates executed malicious code on corporate devices, creating organizational exposure beyond the individual target,” the threat intelligence firm said in a new report shared with The Hacker News.

    The disclosure comes a day after Jamf Threat Labs detailed a significant iteration of the Contagious Interview campaign wherein the attackers abuse malicious Microsoft Visual Studio Code (VS Code) projects as an attack vector to distribute a backdoor, underscoring continued exploitation of trusted developer workflows to achieve their twin goals of cyber espionage and financial theft.

    The Mastercard-owned company said it detected four LinkedIn personas potentially associated with PurpleBravo that masqueraded as developers and recruiters and claimed to be from the Ukrainian city of Odesa, along with several malicious GitHub repositories that are designed to deliver known malware families like BeaverTail.

    PurpleBravo has also been observed managing two distinct sets of command-and-control (C2) servers for BeaverTail, a JavaScript infostealer and loader, and a Go-based backdoor known as GolangGhost (aka FlexibleFerret or WeaselStore) that is based on the HackBrowserData open-source tool.

    The C2 servers, hosted across 17 different providers, are administered via Astrill VPN and from IP ranges in China. North Korean threat actors’ use of Astrill VPN in cyber attacks has been well-documented over the years.

    It’s worth pointing out that Contagious Interview complements a second, separate campaign referred to as Wagemole (aka PurpleDelta), where IT workers from the Hermit Kingdom actors seek unauthorized employment under fraudulent or stolen identities with organizations based in the U.S. and other parts of the world for both financial gain and espionage.

    Cybersecurity

    While the two clusters are treated as disparate sets of activities, there are significant tactical and infrastructure overlaps between them despite the fact that the IT worker threat has been ongoing since 2017.

    “This includes a likely PurpleBravo operator displaying activity consistent with North Korean IT worker behavior, IP addresses in Russia linked to North Korean IT workers communicating with PurpleBravo C2 servers, and administration traffic from the same Astrill VPN IP address associated with PurpleDelta activity,” Recorded Future said.

    To make matters worse, candidates who are approached by PurpleBravo with fictitious job offers have been found to take the coding assessment on company-issued devices, effectively compromising their employers in the process. This highlights that the IT software supply chain is “just as vulnerable” to infiltration from North Korean adversaries other than the IT workers.

    “Many of these [potential victim] organizations advertise large customer bases, presenting an acute supply-chain risk to companies outsourcing work in these regions,” the company noted. “While the North Korean IT worker employment threat has been widely publicized, the PurpleBravo supply-chain risk deserves equal attention so organizations can prepare, defend, and prevent sensitive data leakage to North Korean threat actors.”



    Source link

  • US to transfer Islamic State prisoners from Syria to Iraq

    US to transfer Islamic State prisoners from Syria to Iraq


    Thomas Mackintoshand

    Rachel Hagan

    EPA man stands in front of gate with prisoners behindEPA

    Syrian government security forces in front of the al-Hol camp in Hasakeh province

    The US military has begun the transfer up to 7,000 Islamic State (IS) group detainees from prisons in north-eastern Syria to Iraq, as Syria’s new government takes control of areas long run autonomously by Kurdish-led forces.

    US Central Command (Centcom) said it had already moved 150 IS fighters from Hassakeh province to a “secure location” in Iraq.

    It said the move aimed to prevent prisoners breaking out and regrouping.

    The transfer follows a ceasefire agreement that has brought much of Syria’s north east under Damascus control, after the Kurdish-led Syrian Democratic Forces (SDF) withdrew from key areas, including detention sites holding thousands of IS suspects and their relatives.

    CENTCOM said its commander Admiral Brad Cooper discussed the transfers with Syria’s new president Ahmed al-Sharaa, stressing the need for Syrian forces to uphold the ceasefire and avoid any action that could interfere with what he described as an “orderly and secure transfer” of detainees.

    Rights group Reprieve warned that detainees transferred to Iraq could face torture and execution and urged the UK government to establish whether any British nationals were among those being moved.

    The charity said it believed there were no more than 10 British men held in the prisons, though exact numbers were unclear. Around 55 to 60 British nationals, most of them children, remain detained across camps and prisons in the region, it said.

    Despite the ceasefire there have been fresh clashes, with Syria’s defence ministry saying seven soldiers were killed in a drone attack in Hassakeh on Wednesday, describing the incident a violation of the ceasefire.

    The SDF denied carrying out the strike and accused Damascus of also launching attacks, including near the town of Kobane on the Turkish border.

    The government and SDF had earlier blamed each other over the escape of suspected IS fighters from an SDF-run prison in Shaddadi, in southern Hassakeh.

    Map showing forces in control of Syria as of 20 January 2026

    Syria’s interior ministry said on Monday night that its special forces and army soldiers had entered the town following “the escape of around 120 [IS] terrorists” from the prison. It said security forces later recaptured 81 of the fugitives.

    The SDF said it had lost control of the prison following clashes with “Damascus-affiliated factions”, warning of a “serious security catastrophe”.

    SDF spokesman Farhad Shami said around 1,500 IS members may have escaped during the clashes, according to Reuters news agency. The SDF also accused government forces of attacking al-Aqtan prison, north of the city of Raqqa, which is also holding IS members and leaders.

    The SDF helped US-led forces defeat IS during Syria’s 13-year civil war and, backed by the US, went on to jail around 12,000 IS members, including thousands of foreigners, while detaining tens of thousands of relatives in camps across the north east.

    However US special envoy Tom Barrack has said the US alliance with the SDF had “largely expired” and that his country was currently focused on securing IS detention facilities and facilitating talks between the SDF and al-Sharaa’s government.

    “This moment offers a pathway to full integration into a unified Syrian state with citizenship rights, cultural protections, and political participation – long denied under Bashar al-Assad’s regime,” he wrote on X.



    Source link

  • Trump’s jibes are wearing thin for many of Europe’s leaders

    Trump’s jibes are wearing thin for many of Europe’s leaders


    Nick BeakeEurope correspondent, Brussels

    AFP via Getty Images Close up shot of Donald Trump speaking into a microphone in front of a board with the words "World Economic Forum" on it.AFP via Getty Images

    Donald Trump delivered a wide-ranging speech at the Davos summit in Switzerland

    “Without us, right now you’d all be speaking German,” President Donald Trump told his audience at the World Economic Forum in the Swiss Alps on Wednesday.

    He may well have forgotten German is the most widely spoken of the four official languages in Switzerland.

    Many people – from Brussels to Berlin to Paris – will have found his speech to be insulting, overbearing and inaccurate.

    In it, he presented the idea that Europe is careering down the wrong path. That is a theme Trump has frequently explored, but it has a different impact when delivered on European soil to the faces of supposed friends and allies.

    There is undoubtedly huge relief across Europe that the US president ruled out the use of military force to take Greenland at the forum in Davos.

    But, even if he keeps his word, the fundamental problem remains that he wants a piece of land the owners say is not for sale.

    “What is quite clear after this speech is that the president’s ambition remains intact,” Danish Foreign Minister Lars Løkke Rasmussen told reporters in Copenhagen.

    He said Trump’s comments about the military were “positive in isolation”.

    Thousands of miles from Davos in Nuuk, the Greenlandic capital, government officials unveiled a new brochure giving advice to residents about what to do if there were a “crisis” in the territory.

    Self-Sufficiency Minister Peter Borg said the document was “an insurance policy”. He said Greenland’s government did not expect to have to use it.

    Crucially, there was no suggestion in Trump’s speech of any climb down on his current threat to hit the eight European countries – he deems to be most guilty of thwarting his Arctic ambitions – with new tariffs.

    The proposed 10% taxes that are due to kick in from 1 February did not get a mention.

    Any hope in Europe that President Trump would take the sting out of this transatlantic crisis was smashed as he began to outline his uncompromising argument for taking the island.

    He ignored the European insistence that Greenland is sovereign EU territory and framed its acquisition as a perfectly reasonable transaction given the military support the US had provided the continent for decades.

    Trump insisted the US had been wrong to “give back” Greenland after securing it during World War Two.

    Greenland has never been part of the United States.

    EPA/Shutterstock People walk along an icy street in Nuuk, Greenland's capital. A sign on the street says: "Greenland is not for sale!"EPA/Shutterstock

    Greenland is a semi-autonomous territory of Denmark

    Trump returned to his familiar refrain that the European members of Nato had done nothing for the US.

    He disparaged Denmark in particular when recalling how in 1940 it “fell to Germany after just six hours of fighting and was totally unable to defend either itself or Greenland”.

    Trump’s military history lesson failed to recall the Danes were a key partner of the US-led invasion of Afghanistan and paid a heavy price.

    Denmark lost 44 soldiers, proportionately more than any other ally apart from the US. They also lost personnel alongside US forces in Iraq.

    Many other Nato allies supported the US after the 9/11 attacks in 2001.

    It was French President Emmanuel Macron who was singled out for the most jibes.

    He was mocked for his appearance in sunglasses on Tuesday – he had an eye problem – and his “tough” talking at the podium.

    Trump insisted he liked Macron, before continuing: “Hard to believe, isn’t it?”

    But the whole joke is wearing thin for many European leaders.

    They have spent a year trying to flatter, impress and appease the US president and in return have been presented with their biggest threat to date.

    The European Union meets on Thursday in Brussels for an emergency summit, with top European politicians having chosen to reach for their toughest language yet in response to US policy.

    Reuters France's President Emmanuel Macron wears sunglasses as he attends the Davos economic forumReuters

    French President Emmanuel Macron drew attention for his stern rebuke of Trump’s threats on Tuesday

    The ball is now in the European court – do they ramp up the rhetoric around counter-tariffs and on rolling out the EU’s “trade bazooka”?

    Or do they keep their powder dry and wait until 1 February to see if Trump actually follows through on his latest threat?

    At the start of his one hour and 12 minute meandering address, President Trump boasted that at home “people are very happy with me”.

    After this latest extraordinary round of Trump democracy, it is a sentiment much harder to find in the Europe the president claims to love so much.



    Source link