This campaign is an offshoot of the more familiar and pervasive fake job interview and phony tech worker scams that have been coming from North Korea for several years.
Google said it has found 53 victims that have been impacted by the group, which it has tracked since 2017.
Read More Google Disrupts ‘Prolific, Elusive’ China-Linked Actor
In a parallel Tuesday announcement, the Treasury Department also sanctioned the exploit broker network that had acquired the tools.
Read More Former US Defense Contractor Sentenced to Jail For Selling Exploits
Exploitation of CVE-2026-1281 and CVE-2026-1340 is “widespread and mostly automated,” according to Unit 42 researchers.
Read More Researchers Warn of ‘Widespread’ Ivanti EPMM Exploitation
The hardcoded credential vulnerability (CVE-2026-22769) exists in Dell RecoverPoint for Virtual Machines and has been exploited since mid-2024.
Read More Chinese Actors Exploited Dell RecoverPoint for VMs Flaw Since 2024
That vulnerability also was patched in macOS, but the active exploitation that Apple disclosed was against iOS only.
The exploited vulnerabilities in question exist across various products, from Microsoft Word to Windows Shell.
Read More Microsoft Fixes Six Exploited Bugs in February Patch Tuesday Updates
