Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Jasper Sleet and Coral Sleet AI-enabled IT worker scam campaign

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

The Jasper Sleet and Coral Sleet campaign is using AI to scale fake IT worker scams, making social engineering against organizations more convincing and persistent. The operators use AI to build reusable personas, tailor applications, and keep the deception alive after hiring. They also use AI to automate parts of infrastructure setup and payload handling, which expands the campaign's reach and makes detection and response harder.

Related Happenings

LayerX font-rendering PoC exposes a browser-rendering gap in AI assistant analysis

Technical Analysis
First: 17.03.2026 15:59 Last: 17.03.2026 15:59 Sources 1

About this happening: A **LayerX** proof-of-concept showed that a **font-rendering attack** can hide malicious webpage commands from AI assistants, creating a risk of **unsafe guidance** when the brows...

Open Happening

Microsoft Teams adds lobby labeling and separate admission for third-party bots

Security Tool/Service
First: 09.03.2026 19:12 Last: 09.03.2026 19:12 Sources 1

About this happening: **Microsoft Teams** is adding **automatic lobby labels** for **external third-party bots**, making it harder for non-human participants to blend in and reducing accidental admissi...

Open Happening

Russian-speaking threat actor campaign expands across multiple victims

Campaign
First: 09.03.2026 01:35 Last: 09.03.2026 01:35 Sources 1

About this happening: A **Russian-speaking threat actor** ran an **AI-augmented campaign** against **FortiGate security appliances**, using **multiple commercial AI services** to scale compromise attem...

Open Happening

North Korea fake job-recruitment campaign using malicious Next.js repositories

Campaign
First: 25.02.2026 18:42 Last: 25.02.2026 18:42 Sources 1

About this happening: The **North Korea**-linked campaign now targets **developers** with **malicious Next.js repositories**, creating **remote code execution** and a persistent **C2** channel on infec...

Open Happening

AI as a C2 proxy abuse of Microsoft Copilot and xAI Grok browsing channels

Technical Analysis
First: 17.02.2026 20:08 Last: 17.02.2026 20:08 Sources 1

About this happening: Researchers disclosed **AI as a C2 proxy**, a technique that can turn **Microsoft Copilot** and **xAI Grok** browsing features into stealthy **command-and-control relays**, increa...

Open Happening

Timeline

  1. 06.03.2026 19:49 2 articles · 2mo ago

    Microsoft details AI-enabled fake IT worker scam tradecraft

    Technical Analysis Update

    DPRK-linked clusters Jasper Sleet and Coral Sleet are using AI to scale fake IT worker scams against organizations by improving persona creation, job-application targeting, interview deception, and day-to-day social engineering; the same tradecraft also uses Faceswap, voice-changing software, and agentic AI to create fake company websites, provision infrastructure, and test and deploy malicious payloads.

    Show sources
    Open in new tab