“传染性访谈”运动背后的北朝鲜黑客正在使用ClickFix社会工程策略将伪造的就业机会的目标求职者提供给目标。 “有针对性的求职者收到邀请参加工作申请流程,将他们引导到诱饵网站,并提示他们完成技能评估。 They are then instructed to copy and paste command lines, often involving utilities like curl, to download and execute a supposed update from a separate malware distribution server, unknowingly deploying malware in the process.”The attackers are primarily targeting marketing and finance employees at cryptocurrency companies, using “lures involving various job positions, such as Portfolio Manager, Investment Manager, and Senior Product Manager, across a range of impersonated companies including Archblock, Robinhood, and攻击者经常旋转他们的基础设施,以保持领先地位,建立新的领域以避免发现。“鉴于该运动在吸引求职者方面的持续成功,威胁行动者可能会在维持运营的准备工作中保持优先型和实现其目标,并通过迅速部署新的资产来代替较高的基础,而不是在较高的基础上进行研究,而不是在较高的范围内进行一定的变化,而不是在遇到较大的变化。传染性访谈威胁行为者的基础设施部署以及由于服务提供商的行动而造成的现有基础设施的损失,这支持了这项评估。”研究人员得出结论,“缓解这种威胁的关键要素是人为因素。重要的是,求职者,尤其是加密货币领域内的求职者,在与就业互动时行使警惕性更高