RST TI Report Digest: 17 Feb 2025

PurpleBravo, a North Korea–linked threat actor, targeted cryptocurrency firms and other organizations using fraudulent remote IT personnel, at least seven China-based front companies, and malware families (BeaverTail, InvisibleFerret, OtterCookie) to enable fraud, data theft, and persistent access; a January 2025 U.S. DOJ indictment alleges they targeted over 64 U.S. companies and includes multiple IOCs (IPs, domains, URLs, hashes, emails).