THREATOPS Actor Dossier
LIVE ← Dashboard

Contagious Interview

G10523 reports
aliases · Contagious Interview · DeceptiveDevelopment · Gwisin Gang · Tenacious Pungsan · DEV#POPPER · PurpleBravo · TAG-121
Export dossier:
3
Reports
12
Techniques
9
Tactics
9
Countries
30%
Hunt coverage
7
Aliases

Analyst assessment — key judgments

  • Signature techniques: T1684 (Social Engineering), T1589.001 (Credentials), T1070.004 (File Deletion).
  • Primary targeting: KR, KP, US, CN.
  • Steady activity: 1 report(s) in last 30d vs 1 prior (+0%).
  • Recent movement: 2 new technique(s), 11 new infrastructure indicator(s) in the last 30 days.
  • Hunt coverage 30% of 43 observed techniques (30 gap(s)).
  • Assessment confidence: medium (60).

Activity & trend

SteadyLast 30d: 1 vs 1 prior (+0%)· first reported 2026-04-28 · last 2026-07-06
0
7d
1
30d
3
90d
3
All
0.2
Rpts/wk
Reporting timeline · 12 months

Movement — last 30 days

New techniques
T1059.007T1588.006
Targeting gained
ESJPTWUS
Targeting lost
CNINKP
New infrastructure
https://dailyhodl.com/2026/07/02/billionhttps://cybernews.com/security/indra-grohttps://therecord.media/japan-cyber-breahttps://cybernews.com/security/ai-agent-https://cybersecuritynews.com/900-oraclehttps://cybersecuritynews.com/bad-epoll-https://cybersecuritynews.com/citrixbleehttps://socket.dev/blog/polinrider-northhttps://www.infosecurity-magazine.com/nehttps://cybersecuritynews.com/hackers-us1.0.1.1

Vulnerabilities in this actor's reporting · 5

Overview

Analyst triage
Intelligence summary

Contagious Interview is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. Contagious Interview targets Windows, Linux, and macOS systems, with a particular focus on individuals engaged in software development and cryptocurrency-related activities. (Citation: Validin Contagious Interview North Korea ClickFix January 2025)(Citation: Esentire ContagiousInterview BeaverTail InvisibleFerret November 2024)(Citation: Datadog Contagious Interview Tenacious Pungsan October 2024)(Citation: Recorded Future Contagious Inteview BeaverTail InvisibleFerret OtterCookie February 2025)(Citation: ESET Contagious Interview BeaverTail InvisibleFerret February 2025)(Citation: Zscaler ContagiousInterview BeaverTail InvisibleFerret November 2024)(Citation: PaloAlto ContagiousInterview BeaverTail InvisibleFerret November 2023)(Citation: PaloAlto Unit42 ContagiousInterview BeaverTail InvisibileFerret October 2024)

Top co-occurring indicators
    Aliases & naming
      Targeting · countries
        Targeting · named victims

          ATT&CK technique matrix

          Coverage vs hunt library:
          Hunt-coverage gaps — prioritized

            Top techniques by observation

            Threat catalogue · engineering roadmap0

            Flagged detection-engineering queue

            Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.

              No techniques queued yet — flag a gap above to add it here.

              Infrastructure

              IOC type mix
              Tooling / malware families
                Tracked infrastructure

                Relationships

                Related actors (behavioral cluster)
                  Attributed malware
                  Campaigns
                  No behavioral cluster, attributed malware, or campaigns recorded for this actor yet.

                  Activity

                  30-day mention timeline
                  Recent reporting
                  TitleSourceSeverityCollected