North Korean Hackers Use AI-Powered Scams to Make Off with $10M on LinkedIn

JOB RECRUITMENT SCAM: North Korea-linked threat actor Sapphire Sleet has stolen an estimated $10 million in cryptocurrency through social engineering campaigns over a six-month period. Microsoft reported that multiple clusters of threat activity from this group involved creating fake LinkedIn profiles posing as recruiters or job seekers to generate revenue for North Korea.

Active since 2020, Sapphire Sleet is associated with hacking groups like APT38 and BlueNoroff. In November 2023, Microsoft disclosed that the group had set up infrastructure to impersonate skills assessment portals, facilitating social engineering attacks.

One of Sapphire Sleet’s primary methods involves posing as venture capitalists interested in target companies to arrange online meetings. Targets who encounter errors while connecting are urged to contact the supposed room administrator, which leads them to download malicious scripts.

Victims who reach out are sent either AppleScript or Visual Basic Script files, depending on their operating systems, under the guise of resolving connection issues. These scripts download malware, enabling the attackers to steal credentials and cryptocurrency wallets.

Sapphire Sleet also poses as job recruiters for financial firms like Goldman Sachs on LinkedIn, directing targets to an attacker-controlled website for skills assessments. Malware is downloaded when users log in and complete the assessment, which gives the attackers access to the system.

North Korea’s deployment of IT workers abroad poses a triple threat by generating income through legitimate work, abusing access for intellectual property theft, and facilitating data theft for ransom. These workers use facilitators to gain access to remote job platforms and create fake profiles on platforms like GitHub and LinkedIn, sometimes employing AI tools for sophisticated deception. As a reminder, be wary of any links you see in emails and on third-party websites before you click on them.

Information courtesy of The Hacker News.