North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen over $10 million worth of cryptocurrency through sophisticated social engineering campaigns conducted over a six-month period.

Overview: According to Microsoft, multiple threat activity clusters connected to North Korea have been creating fake profiles on LinkedIn, posing as both recruiters and job seekers, to generate illicit revenue.

Details on Sapphire Sleet: Sapphire Sleet, active since at least 2020, is linked to hacking groups like APT38 and BlueNoroff. In November 2023, Microsoft revealed that the group had set up infrastructure impersonating skills assessment portals for its social engineering schemes.

Methodology: One tactic involves posing as venture capitalists interested in a target user’s company. Victims are then shown error messages during fake meetings, prompting them to contact the threat actor, who sends them scripts that download malware onto their computers.

Fake Recruiters on LinkedIn: Sapphire Sleet also impersonates recruiters from financial firms like Goldman Sachs on LinkedIn, asking targets to complete skills assessments that install malware, giving attackers access to the system.

Quote from Microsoft: “The threat actor sends the target user a sign-in account and password. In signing in to the website and downloading the code associated with the skills assessment, the target user downloads malware onto their device, allowing the attackers to gain access to the system,” Microsoft said.

North Korean IT Workers Abroad: North Korea’s deployment of IT workers abroad poses a triple threat: earning legitimate income, abusing access to steal intellectual property, and committing data theft for ransom.

Facilitators and Fake Profiles: These IT workers use facilitators to access platforms for remote jobs, creating fake profiles and portfolios on sites like GitHub and LinkedIn.

Use of AI Tools: AI tools, including Faceswap, are used to alter photos and documents for job applications. Some IT workers also experiment with voice-changing software, and they meticulously track payments received from their activities.
