Jasper Sleet and Coral Sleet AI-enabled IT worker scam campaign
Campaign
Summary
Hide ▲
Show ▼
The Jasper Sleet and Coral Sleet campaign is using AI to scale fake IT worker scams, making social engineering against organizations more convincing and persistent. The operators use AI to build reusable personas, tailor applications, and keep the deception alive after hiring. They also use AI to automate parts of infrastructure setup and payload handling, which expands the campaign's reach and makes detection and response harder.
Related Happenings
JustAskJacky fake AI assistant malware campaign
Campaign
H score33
First: 04.06.2026 17:00
Last: 04.06.2026 17:00
Sources 1
About this happening:
The **JustAskJacky** campaign is distributing a fake **AI assistant** that installs a **backdoor**, turning trusted-looking software into a malware delivery path. The operation us...
JustAskJacky fake AI assistant malware campaign
CampaignAbout this happening: The **JustAskJacky** campaign is distributing a fake **AI assistant** that installs a **backdoor**, turning trusted-looking software into a malware delivery path. The operation us...
LayerX font-rendering PoC exposes a browser-rendering gap in AI assistant analysis
Technical Analysis
H score25
First: 17.03.2026 15:59
Last: 17.03.2026 15:59
Sources 1
About this happening:
A **LayerX** proof-of-concept showed that a **font-rendering attack** can hide malicious webpage commands from AI assistants, creating a risk of **unsafe guidance** when the brows...
LayerX font-rendering PoC exposes a browser-rendering gap in AI assistant analysis
Technical AnalysisAbout this happening: A **LayerX** proof-of-concept showed that a **font-rendering attack** can hide malicious webpage commands from AI assistants, creating a risk of **unsafe guidance** when the brows...
Microsoft Teams adds lobby labeling and separate admission for third-party bots
Security Tool/Service
H score11
First: 09.03.2026 19:12
Last: 09.03.2026 19:12
Sources 1
About this happening:
**Microsoft Teams** is adding **automatic lobby labels** for **external third-party bots**, making it harder for non-human participants to blend in and reducing accidental admissi...
Microsoft Teams adds lobby labeling and separate admission for third-party bots
Security Tool/ServiceAbout this happening: **Microsoft Teams** is adding **automatic lobby labels** for **external third-party bots**, making it harder for non-human participants to blend in and reducing accidental admissi...
Russian-speaking threat actor campaign expands across multiple victims
Campaign
H score38
First: 09.03.2026 01:35
Last: 09.03.2026 01:35
Sources 1
About this happening:
A **Russian-speaking threat actor** ran an **AI-augmented campaign** against **FortiGate security appliances**, using **multiple commercial AI services** to scale compromise attem...
Russian-speaking threat actor campaign expands across multiple victims
CampaignAbout this happening: A **Russian-speaking threat actor** ran an **AI-augmented campaign** against **FortiGate security appliances**, using **multiple commercial AI services** to scale compromise attem...
North Korea fake job-recruitment campaign using malicious Next.js repositories
Campaign
H score44
First: 25.02.2026 18:42
Last: 25.02.2026 18:42
Sources 1
About this happening:
The **North Korea**-linked campaign now targets **developers** with **malicious Next.js repositories**, creating **remote code execution** and a persistent **C2** channel on infec...
North Korea fake job-recruitment campaign using malicious Next.js repositories
CampaignAbout this happening: The **North Korea**-linked campaign now targets **developers** with **malicious Next.js repositories**, creating **remote code execution** and a persistent **C2** channel on infec...
Timeline
-
06.03.2026 19:49 2 articles · 4mo ago
Microsoft details AI-enabled fake IT worker scam tradecraft
Technical Analysis UpdateDPRK-linked clusters Jasper Sleet and Coral Sleet are using AI to scale fake IT worker scams against organizations by improving persona creation, job-application targeting, interview deception, and day-to-day social engineering; the same tradecraft also uses Faceswap, voice-changing software, and agentic AI to create fake company websites, provision infrastructure, and test and deploy malicious payloads.
Show sources
- North Korean APTs Use AI to Enhance IT Worker Scams — www.darkreading.com — 06.03.2026 19:49
- North Korean APTs Use AI to Enhance IT Worker Scams — www.darkreading.com — 06.03.2026 19:49