North Korean cyber operatives, identified as Sapphire Sleet, have reportedly siphoned off over $10 million in cryptocurrency through sophisticated social engineering schemes over six months, according to Microsoft. These hackers, linked to notorious groups like APT38 and BlueNoroff, have been active since at least 2020.
Tactics on LinkedIn:
- Fake Profiles: Sapphire Sleet creates deceptive LinkedIn profiles, posing as recruiters or job seekers. They’ve notably impersonated representatives from high-profile companies like Goldman Sachs to lure victims.
- Phishing for Access: They set up fake job interviews or business meetings. When victims try to join these meetings, they encounter staged technical difficulties prompting them to contact ‘support’. That interaction ends with the victim downloading malware disguised as a file needed to fix the connection problem. The downloaded file is a script, AppleScript on macOS or Visual Basic Script on Windows, that covertly installs malware which steals credentials and cryptocurrency.
- Skills Assessment Scams: Victims are also lured with fake job assessments. They are given login credentials to an attacker-controlled website where downloading the assessment’s code actually installs malware on their devices.
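The ‘fix your connection’ lure above ends with a script interpreter (Windows Script Host or osascript) running a file the victim just downloaded. The following detection logic is an added example, not code from Microsoft or from the report; it runs over constructed process-creation records with assumed field names (host, image, parent_image, command_line) and flags script-host launches that fit that pattern, so a defender can see what the telemetry of such an interaction looks like.

```python
"""
Added detection example: flag Windows Script Host / osascript launches that
match the 'download this file to fix the meeting' lure. The event records,
field names and file names below are constructed for illustration.
"""
import re
from typing import Dict, List, Optional

# Interpreters for the two script types the lure uses (VBS on Windows,
# AppleScript on macOS). Compared case-insensitively on the basename.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "osascript"}

# Parents a victim would plausibly launch a 'fix' script from after leaving
# a browser or meeting client (assumed, illustrative list, lower-case).
USER_FACING_PARENTS = {
    "chrome.exe", "msedge.exe", "firefox.exe", "explorer.exe",
    "google chrome", "safari", "finder", "zoom.us", "teams.exe",
}

# Script extensions worth looking at on either platform.
SCRIPT_EXTS = (".vbs", ".vbe", ".wsf", ".scpt", ".applescript")

# Matches a 'Downloads' path component with either separator style.
DOWNLOAD_DIR_RE = re.compile(r"(^|[\\/])downloads[\\/]", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased final path component, tolerant of \\ and / separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def script_argument(command_line: str) -> Optional[str]:
    """Return the first command-line argument that names a script file."""
    tokens = re.findall(r'"[^"]*"|\S+', command_line)
    for tok in tokens[1:]:          # tokens[0] is the interpreter itself
        tok = tok.strip('"')
        if tok.lower().endswith(SCRIPT_EXTS):
            return tok
    return None


def assess(event: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Score one process-creation event; None means nothing to report."""
    if basename(event["image"]) not in SCRIPT_HOSTS:
        return None
    script = script_argument(event["command_line"])
    if script is None:
        return None
    parent = basename(event["parent_image"])
    if DOWNLOAD_DIR_RE.search(script):
        severity = "high"
        reason = "script host executing a script from a Downloads folder"
    elif parent in USER_FACING_PARENTS:
        severity = "medium"
        reason = "script host spawned directly by a user-facing application"
    else:
        return None             # e.g. routine admin scripts run by services
    return {"host": event["host"], "severity": severity, "script": script,
            "parent": parent, "reason": reason}


def triage(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run assess() over a batch of events and keep only the findings."""
    return [f for f in (assess(e) for e in events) if f is not None]


# Constructed sample telemetry (not real IoCs).
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": r'wscript.exe "C:\Users\alice\Downloads\meeting_fix.vbs"'},
    {"host": "mac-07", "image": "/usr/bin/osascript",
     "parent_image": "/Applications/Safari.app/Contents/MacOS/Safari",
     "command_line": "osascript /Users/bob/Downloads/connection_repair.scpt"},
    {"host": "ws-02", "image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"wscript.exe C:\Users\carol\AppData\Local\Temp\audio_patch.vbs"},
    {"host": "srv-03", "image": r"C:\Windows\System32\cscript.exe",
     "parent_image": r"C:\Windows\System32\services.exe",
     "command_line": r"cscript.exe C:\Windows\System32\slmgr.vbs /dlv"},
    {"host": "ws-01", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "chrome.exe --profile-directory=Default"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(f"[{finding['severity']}] {finding['host']}: {finding['reason']} "
              f"(parent={finding['parent']}, script={finding['script']})")
```

The two-tier score is deliberate: a script launched straight out of a Downloads folder is the lure’s signature and is scored high regardless of parent, while a script host spawned by a browser or meeting client from elsewhere is scored medium so that routine administrative scripts run by system services (the slmgr.vbs record) do not page anyone.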
Broader Implications:
- IT Workers Abroad: Microsoft highlights that North Korea sends IT workers overseas, which not only earns money through legitimate means but also facilitates espionage and intellectual property theft. These workers use facilitators to bypass restrictions on obtaining bank accounts or phone numbers necessary for job applications.
- AI Utilization: The hackers leverage AI for various deceptive practices:
  - Image Manipulation: Tools like Faceswap are used to alter photos for use on resumes or profiles, enhancing their credibility.
  - Voice Altering: They experiment with AI to change voices, potentially aiding in their impersonations or scams.
- Financial Tracking: These operations are meticulously organized; Microsoft reports that the IT workers have earned at least $370,000 through their schemes, with earnings tracked carefully, a blend of cybercrime and bookkeeping aimed at efficiency.
This ongoing campaign by Sapphire Sleet not only underscores North Korea’s cyber capabilities but also its innovative use of technology to bypass international sanctions and fund the regime.