GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies into hiring North Koreans. Credit: Shutterstock Research from GitLab has exposed the latest tradecraft behind North Korean fake IT worker scams. GitLab banned 131 North Korean-attributed accounts last year, most of which involved JavaScript repositories that acted as resource...
The strongest version of this narrative highlights the adaptability and scale of North Korean cyber operations, which exploit trust in professional networks to infiltrate high-value sectors. GitLab's research provides concrete evidence of evolving tradecraft, including the use of AI to automate deception and malware obfuscation. The "Contagious Interview" campaign is particularly insidious, weaponizing the job-seeking process to deliver payloads directly to developers' machines. The financial re...