Hackers In Disguise: North Korean Operatives Steal Billions In Crypto As IT Workers

For years, cybersecurity threats like hacking and identity theft have compromised not just individual accounts but also companies and organizations. Many governments point the finger at North Korea as the probable location of these hackers, who have cost the global economy billions of dollars.

Now, reports from Cyberwarcon, a cybersecurity conference in Washington DC, have confirmed the allegations and painted a picture of a sustained effort by North Korean hackers to undermine corporations.

Microsoft researcher James Elliot disclosed that “IT workers” from North Korea have infiltrated hundreds of companies worldwide through impersonation.

Hackers Secretly Work With North Korea To Infiltrate Organizations

According to experts, corporate recruiter, venture capitalist, and IT worker are typical jobs North Korean hackers hold. Security experts at Cyberwarcon disclosed the growing breach, which highlights the disruptions caused by cybersecurity threats. During the meeting, experts provided an updated assessment of the threat hackers pose to global security.

Experts say North Korea is sustaining an effort to undermine companies by allowing its hackers to pose as prospective employees. The hackers’ main objectives were to earn money for the North Korean government and steal information that could help build its weapons program.

The group was also responsible for the recent spate of cryptocurrency hacking incidents, raking in billions of dollars. Because it has already been sanctioned, North Korea is growing bolder in its efforts.

North Korea And Its Hacking Groups

Experts say that several hacker groups partner with the North Korean government. According to Microsoft, one of these groups is “Ruby Sleet,” which infiltrated defense and aerospace companies to steal industry information that can help the hermit state develop its navigation and weapons systems.

Then there is “Sapphire Sleet,” whose members passed themselves off as human resources recruiters and venture capitalists. This group worked to steal cryptocurrencies from companies and individuals. According to investigations, the hackers would contact their targets to set up a virtual meeting. However, this virtual meeting is designed not to load correctly.

In this setup, the hackers convince the unsuspecting targets to download malware, which they present as a tool to solve the issue. In the fake recruitment process, the hacker asks the candidate to download a skills assessment test that includes malware.

Microsoft Warns Against Hackers From NoKor

At the same conference, researchers warned the industry about the “triple threat.” They mentioned that NoKor cyber criminals can gain employment by tricking employees, earn money through their jobs, and potentially steal information.

According to the Microsoft study, hundreds of companies inadvertently hired these hackers. Only a few companies have come forward and shared their experiences.

For example, KnowBe4 shared that they were tricked into hiring these impostors. Upon learning of the scheme, the company immediately blocked the hackers’ access to their system.
