North Korean hackers expand social engineering operation to IT firms: Report
Hackers with ties to the North Korean government have reportedly expanded social engineering scams designed to steal cryptocurrencies by infiltrating “hundreds” of large, multinational information technology firms.
According to an article from TechCrunch, researchers at the Cyberwarcon cybersecurity conference identified two North Korean hacker groups called “Sapphire Sleet” and “Ruby Sleet.”
Sapphire Sleet targeted individuals through fraudulent employment schemes by posing as legitimate recruiters and luring unsuspecting victims into interviews or other offers of employment. The hackers would then infect the users’ computers with malware disguised as picture-document files (PDFs) or malicious links at some point during the interview process.
Ruby Sleet managed to infiltrate aerospace and defense contractors in the United States, the United Kingdom, and South Korea to steal military secrets.
Additionally, the report mentioned that North Korean IT workers were using fake identities crafted through AI, social media, and voice-changing technologies to infiltrate the companies and carry out recruitment scams.
Crypto theft in November 2024. Source: Immunefi, Because Bitcoin
Related: South Korea confirms North Korea behind $50M Upbit hack
North Korean hackers target crypto industry
Long before the researchers at Cyberwarcon issued a warning about North Korean hacking groups targeting information technology companies, hackers associated with the DPRK regime were targeting cryptocurrency firms using the same tactics.
In August, onchain sleuth ZackXBT claimed to have identified 21 developers , believed to be North Koreans, working on various crypto projects using fake identities.
Later, in September, the Federal Bureau of Investigation (FBI) issued a warning about North Korean hackers targeting crypto companies and decentralized finance projects with malware disguised as employment offers. Once the user downloaded the malware or clicked a malicious link, their private keys would be stolen.
More recently, in October, the Cosmos ecosystem faced concerns over its Liquid Staking Module, which was allegedly built by North Korean developers .
At the time, Cosmos ecosystem developer Jacob Gadikian said, “The people who built the LSM are the world’s most skilled and prolific crypto thieves.” The threat of backdoors and other malicious lines of code prompted several security audits of the Cosmos Liquid Staking Module.
Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
FTX Begins $5B Stablecoin Payout to Creditors
FTX starts distributing $5B in stablecoins to creditors, marking a major step in bankruptcy resolution.FTX Launches Massive Creditor Repayment PlanWhat Creditors Can ExpectA Turning Point in Crypto Legal Recovery
Canary Files for Staked CRO ETF with U.S. SEC
Canary submits S-1 filing to launch a Staked CRO ETF, signaling mainstream interest in Cronos.Canary Takes First Step Toward Staked CRO ETFWhat is Staked CRO and Why It MattersA Boost for Cronos and the Broader Market
Huge Returns Ahead? Nexchain & BlockDAG Lead 2025’s Best Crypto Presales
Nexchain leads 2025 crypto presales with AI-powered scalability, gas fee rewards, and 400K TPS—raising \$3.4M as investors seek real utility.Nexchain: Web3 Infrastructure Powered by AI and Smart IncentivesNexchain’s Momentum Signals Long-Term PotentialBlockDAG Builds Buzz, but Nexchain Pulls AheadWhy Nexchain Tops the List of 2025 Crypto Presales
Fidelity Buys $38.3M in Ethereum Amid Market Buzz
Fidelity invests $38.3 million in Ethereum, signaling growing institutional confidence in ETH.Fidelity Makes Major Ethereum InvestmentInstitutional Confidence in EthereumWhat This Means for the Crypto Market
Trending news
MoreCrypto prices
More
