Contagious Interview
G10523 reportsAnalyst assessment — key judgments
- Signature techniques: T1684 (Social Engineering), T1589.001 (Credentials), T1070.004 (File Deletion).
- Primary targeting: KR, KP, US, CN.
- Steady activity: 1 report(s) in last 30d vs 1 prior (+0%).
- Recent movement: 2 new technique(s), 11 new infrastructure indicator(s) in the last 30 days.
- Hunt coverage 30% of 43 observed techniques (30 gap(s)).
- Assessment confidence: medium (60).
Activity & trend
Movement — last 30 days
Vulnerabilities in this actor's reporting · 5
- CVE-2024-1212KEV1 rpt
- CVE-2026-462421 rpt
- CVE-2026-468171 rpt
- CVE-2026-80371 rpt
- CVE-2026-84511 rpt
Overview
Contagious Interview is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. Contagious Interview targets Windows, Linux, and macOS systems, with a particular focus on individuals engaged in software development and cryptocurrency-related activities. (Citation: Validin Contagious Interview North Korea ClickFix January 2025)(Citation: Esentire ContagiousInterview BeaverTail InvisibleFerret November 2024)(Citation: Datadog Contagious Interview Tenacious Pungsan October 2024)(Citation: Recorded Future Contagious Inteview BeaverTail InvisibleFerret OtterCookie February 2025)(Citation: ESET Contagious Interview BeaverTail InvisibleFerret February 2025)(Citation: Zscaler ContagiousInterview BeaverTail InvisibleFerret November 2024)(Citation: PaloAlto ContagiousInterview BeaverTail InvisibleFerret November 2023)(Citation: PaloAlto Unit42 ContagiousInterview BeaverTail InvisibileFerret October 2024)
ATT&CK technique matrix
- T1684 · Social Engineeringconf 652
- T1589.001 · Credentialsconf 652
- T1070.004 · File Deletionconf 652
- T1059.007 · JavaScriptconf 601evidence: 6th July – Threat Intelligence Report
- T1588.006 · Vulnerabilitiesconf 601evidence: 6th July – Threat Intelligence Report
- T1053.005 · Scheduled Taskconf 601
- T1113 · Screen Captureconf 601
- T1033 · System Owner/User Discoveryconf 601
- T1548.002 · Bypass User Account Controlconf 601
- T1547 · Boot or Logon Autostart Executionconf 601
- T1115 · Clipboard Dataconf 601
- T1082 · System Information Discoveryconf 601
Threat catalogue · engineering roadmap
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
Relationships
Activity
| Title | Source | Severity | Collected |
|---|