North Korean hackers expand crypto and IT targeting efforts

North Korean hacking groups have intensified their operations, targeting multinational IT companies and cryptocurrency firms using advanced social engineering tactics.

At the Cyberwarcon conference, researchers identified two key groups, "Sapphire Sleet" and "Ruby Sleet," as driving these activities.

Sapphire Sleet focuses on recruitment scams, posing as legitimate recruiters to lure victims into fake job interviews.

During these interactions, victims are exposed to malware concealed as PDF files or malicious links, compromising their systems.

Ruby Sleet, meanwhile, has targeted aerospace and defense contractors in the United States, United Kingdom, and South Korea, aiming to extract sensitive military information.

According to TechCrunch, these hackers are employing fake identities generated through AI, social media platforms, and voice-changing technology to infiltrate companies.

This tactic enhances the credibility of their scams and allows them to operate within their targets undetected.

The cryptocurrency sector remains a prominent target for North Korean hackers.

In August, onchain researcher ZackXBT reported that 21 developers, allegedly linked to North Korea, were involved in various crypto projects under false identities.

The Federal Bureau of Investigation issued a warning in September, highlighting how North Korean hackers use malware disguised as job offers to steal crypto keys and digital assets.

In October, concerns emerged within the Cosmos blockchain ecosystem regarding its Liquid Staking Module, reportedly developed by North Korean-linked individuals.

Jacob Gadikian, a Cosmos developer, described these individuals as “the world’s most skilled and prolific crypto thieves,” prompting security audits of the module to ensure its integrity.