Contagious Interview
Contagious Interview is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials. Contagious Interview targets Windows, Linux, and macOS systems, with a particular focus on individuals engaged in software development and cryptocurrency-related activities.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low1.6
Low signal strength
Mentions2
Sources2
High conf.2
Last seenMay 2026
First observed
2025-10-19
Last active
—
Origin
North Korea
Aliases
7
Techniques
54
Campaigns
0
North Korea
Attribution signals
2 mentions · 2 sources#1has been weaponized byhigh
TTP match
recorded-future
May 2026
"sophisticated state-sponsored groups such as BlueDelta (aka APT28 ) and the North Korean group PurpleBravo"
#2continuedhigh
TTP match
eset
May 2026
"Lazarus and DeceptiveDevelopment continued to invest in long-term relationship building with high-value targets"
Hedge terms observed
continuedhas been weaponized by