{"data":{"id":"40a8753c-53fe-4dbf-9f23-d22b1c8c9143","title":"North Korean fake IT worker tradecraft exposed","summary":"North Korean threat actors are running fake IT worker scams where they pose as recruiters or job candidates to trick developers into running malicious code, often through fake technical interviews in what's called the Contagious Interview campaign. GitLab disrupted these operations by banning 131 suspect accounts and repositories that hosted malware loaders (obfuscated packages designed to download and run malicious software from external locations), and researchers found that scammers are increasingly using AI to create fake identities and develop custom code obfuscation techniques.","solution":"GitLab disrupted these operations by banning suspect repositories and the 131 North Korean-attributed accounts involved in the campaign.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4143199/north-korean-fake-it-worker-tradecraft-exposed.html","publishedAt":"2026-03-12T09:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["GitLab"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-03-12T09:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.65,"researchCategory":null,"atlasIds":null}}