RST TI Report Digest: 26 Jan 2026
ID: c17976a6-efee-55aa-9329-d7e759d2bdee
STIX ID: report--c17976a6-efee-55aa-9329-d7e759d2bdee
Feed Name: RST Cloud Blog
PurpleBravo, a North Korean state-sponsored actor, is actively targeting the IT software supply chain—particularly developers in the cryptocurrency sector—through fraudulent recruiter personas and malicious coding tests to deliver malware. The group deploys the BeaverTail infostealer and multi-platform RATs (PyLangGhost, GolangGhost) to exfiltrate browser credentials and crypto-wallet data. The report maps extensive C2 infrastructure, provides numerous IoCs across South Asia and North America, and notes potential resource sharing with another DPRK-linked cluster, PurpleDelta.
