State-sponsored social engineering and supply chain infiltration (Sandworm ClickFix, NK IT workers, Russian password manager, NK REF9403)
Key Questions
What new tactics is Russia's Sandworm group using?
Sandworm (UAC-0145) deployed ClickFix attacks with fake CAPTCHAs and Ethereum smart contracts for dynamic malware delivery against Ukraine.
How are North Korean IT workers infiltrating companies?
DPRK-linked engineers continue to gain employment at firms like Consensys by posing as legitimate developers, creating supply-chain risks.
Which password manager raised supply-chain concerns in Europe?
Passwork, used by Irish state agencies and presented as EU-based, shares code with a Russian state-certified firm and has deep security-service ties.
What technique does North Korea's REF9403 campaign use?
It employs SVG comment-block steganography to deliver four-stage malware that evades all antivirus detection, targeting developers via Slack.
What indicators has CERT-UA released?
CERT-UA published IoCs related to Sandworm's recent ClickFix and SMARTAXE operations.
Russia's Sandworm group (UAC-0145) adopted ClickFix attacks against Ukraine using fake CAPTCHAs and Ethereum smart contracts (SMARTAXE) for dynamic content delivery—a novel state-sponsored social engineering chain. North Korean IT worker infiltration continues: Consensys (MetaMask) caught a DPRK-linked engineer within a month, highlighting persistent supply chain risks for crypto firms. A Russian-linked password manager with deep security service ties infiltrated Irish state agencies under a fake EU front, exposing supply chain vulnerabilities in credential management. New: North Korea's REF9403 campaign uses SVG comment-block steganography to deliver four-stage malware with zero AV detections, targeting developers via Elastic's Slack. New: European password manager shares code with Russian state-certified firm, raising supply chain concerns for government users. CERT-UA provides IoCs for Sandworm. These developments underscore evolving state-sponsored tactics targeting both human and software supply chains.