North Korean fake IT worker tradecraft exposed
Summary
North Korean threat actors are running fake IT worker scams where they pose as recruiters or job candidates to trick developers into running malicious code, often through fake technical interviews in what's called the Contagious Interview campaign. GitLab disrupted these operations by banning 131 suspect accounts and repositories that hosted malware loaders (obfuscated packages designed to download and run malicious software from external locations), and researchers found that scammers are increasingly using AI to create fake identities and develop custom code obfuscation techniques.
Solution / Mitigation
GitLab disrupted these operations by banning suspect repositories and the 131 North Korean-attributed accounts involved in the campaign.
Classification
Affected Vendors
Related Issues
Original source: https://www.csoonline.com/article/4143199/north-korean-fake-it-worker-tradecraft-exposed.html
First tracked: March 12, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 65%