The threat actor CL-STA-0237 leveraged compromised credentials from a U.S.-based SMB IT services company to register new domains linked to the MiroTalk fake job campaign, potentially using the company’s infrastructure and reputation for malicious activities. CL-STA-0237 may have either compromised the company’s credentials to impersonate them for malicious activities or leveraged a preexisting relationship, such … Continue reading North Korean Hackers Target Job Seekers with Weaponized Video Apps