Threat Intelligence Content Updates

Threat Intel Content Update: 7/8/2025

Written by Tidal Cyber | Jul 8, 2025 5:46:54 PM

North Korean IT Worker Threats

Threat Content Highlights

“Trending & Emerging Threats” weekly update: North Korean IT Worker Threats

  • We added a new Campaign object based on recent Microsoft intelligence on North Korean workers who are believed to fraudulently gain employment with Western companies (activity that Microsoft tracks as “Jasper Sleet”).

    • This is the second Campaign we’ve added covering these schemes, and this week’s Threat Profile update includes both objects, weighted to emphasize recency.

    • These workers take many steps to trick employees into hiring them, and after they're onboarded, detection opportunities could be relatively limited and/or noisy (e.g. VPN or remote access tool usage).

  • A relatively distinctive characteristic of these schemes is the use of IP-based keyboard/video/mouse (KVM) devices (T1219.003 - Remote Access Hardware).

  • Tidal Coverage Map Recommendations highlight an ATT&CK Analytic focused on a relevant implementation of this Sub-Technique: