International Cyber Digest
@IntCyberDigest
β€ΌοΈπŸ‡°πŸ‡΅ Meet North Korean recruiter 'Aaron,' who infiltrates Western companies by using AI and posing as a remote IT worker using stolen or rented identities.

He was lured into a sandbox by researchers, who observed the wild APT in a controlled setting to see what he would do.
He wanders around the web sending messages to people like "I’d like to offer your an opportunity that I think could be interesting." Turns out @MauroEldritch likes opportunities.
Aaron then asks the "legit" worker to download AnyDesk.
Aaron then discusses the "legit" worker's setup.
In record time, AnyRun provided Mauro with a special version of their sandbox that mimics a developer's machine as closely as possible.
The first thing he does is run DxDiag (DirectX Diagnostic Tool) to get a full report on the machine’s hardware.
Aaron tried to determine the location, so Mauro introduced multiple system crashes to delay him.
He then left a note for Mauro… how very romantic.
Aaron then logged into his Google account and turned on the sync feature in Chrome.
This opened up the North Korean toolset, which includes multiple AI tools like Simplify Copilot (to autofill job applications), AiApply (to automate job seeking), Final Round AI (which provides answers for your interview questions in real time), Saved Prompts for GPT (to bookmark LLM prompts), the OTP[.]ee extension (or Authenticator[.]cc, an OTP generator), and last but not least, Google Remote Desktop.
Read the full story here:

any.run/cybersecurity-…