
‼️🇰🇵 Meet North Korean recruiter 'Aaron,' who infiltrates Western companies by using AI and posing as a remote IT worker using stolen or rented identities. He was lured into a sandbox by researchers, who observed the wild APT in a controlled setting to see what he would do.

He wanders around the web sending messages to people like "I’d like to offer your an opportunity that I think could be interesting.".. Turns out @MauroEldritch likes opportunities.


Aaron then asks the "legit" worker to download AnyDesk.

Aaron then discusses the "legit" worker's setup.

In record time, AnyRun provided Mauro with a special version of their sandbox that mimics a developer's machine as closely as possible.


The first thing he does is run DxDiag (DirectX Diagnostic Tool) to get a full report on the machine’s hardware.


Aaron tried to determine the location, so Mauro introduced multiple system crashes to delay him.


He then left a note for Mauro… how very romantic.


Aaron then logged into his Google account and turned on the sync feature in Chrome.


This opened up the North Korean toolset, which includes multiple AI tools like Simplify Copilot (to autofill job applications), AiApply (to automate job seeking), Final Round AI (which provides answers for your interview questions in real time), Saved Prompts for GPT (to bookmark LLM prompts), the OTP[.]ee extension (or Authenticator[.]cc, an OTP generator), and last but not least, Google Remote Desktop.


Read the full story here: https://any.run/cybersecurity-blog/lazarus-group-it-workers-investigation/