North Korean Hackers Devise New Techniques to Target Crypto and IT Firms

Highlights:

• North Korean hacker groups Sapphire Sleet and Ruby Sleet target cryptocurrency and IT sectors for data theft.
• Hackers use fake job offers and AI-generated identities on LinkedIn to infiltrate companies and steal data.
• Remote work makes cyberattacks easier as hackers blend in and operate from locations like Russia and China.

North Korean hackers have spread their cyber operations to IT and cryptocurrency companies. Techcrunch reported from the Cyberwarcon conference that the security researchers have found a string of ongoing social engineering scams. The scams aim to steal cryptocurrency and corporate secrets. 

CRYPTO & CYBER: NORTH KOREAN HACKERS ON THE PROWL

North Korea's playbook just got leaked at Cyberwarcon: hackers posing as IT workers, recruiters, and VCs are infiltrating start-ups and scoring billions in stolen crypto.

Their move? Fake job offers, virtual meetings, and… pic.twitter.com/lCxlstPlNV

— IBC Group Official (@ibcgroupio) November 30, 2024

Hackers lure people into their sensitive systems by acting as job seekers or investors. This latest escalation underscores the mounting risk for large multinational corporations and the cryptocurrency sector.

Sapphire Sleet and Ruby Sleet Tactics

These cyberattacks are being carried out by two different North Korean hacker groups, Sapphire Sleet and Ruby Sleet. The primary victim of Sapphire Sleet is people and firms in the cryptocurrency space. They use fake job offers to trick victims into downloading malware disguised as required archives. For instance, Sapphire Sleet offers fake virtual meetings and injects malware once the victim connects.

Instead of going for the money, Ruby Sleet focuses on infiltrating high-profile areas such as aerospace and defense. North Korea uses its mission to steal critical military secrets to advance its weapons development. According to researchers at Microsoft, the two groups have been identified as key players in the campaign, with Sapphire Sleet stealing at least $10 million in cryptocurrency in the space of six months.

AI Identities Enable Infiltration

North Korean hackers are increasingly resorting to sophisticated tactics to infiltrate organizations. Attackers use social media platforms like LinkedIn and GitHub to create fake identities that lend credibility.

The hackers use AI-generated images and voice-changing technology to convincingly pretend to be anyone in the world. Using these fabricated identities, they look legitimate to potential employers or partners. After being hired, they remotely access company networks and steal valuable data. 

The rise of remote work during the COVID-19 pandemic has made this method of infiltration effective. Remote work makes it easier for the attackers to blend in. Some hackers work from places such as Russia and China to further conceal their true identity. They can get around the detection by utilizing local facilitators and remote access tools.

FBI Warns of Crypto Sector Risks

The FBI has also issued an urgent warning about the risks of the cryptocurrency world in response to the escalating threats. Cryptocurrency exchanges and decentralized finance projects are increasingly being targeted by North Korean hackers. In the alert, the hackers do extensive pre-operational research, hunting for specific targets and customizing the scams. 

FBI Warns of Sophisticated North Korean Cyber Attacks Targeting Crypto, Defi, ETFs – Featured Bitcoin News https://t.co/iYUYpvEFIO

— Dee (@Dee197111Q) November 24, 2024

According to the FBI, these attacks are not only a risk to individual investors but to large cryptocurrency companies too. Since the global cryptocurrency market is still growing, these attacks can severely damage companies that deal with sensitive financial products. 

The funds stolen are believed to be used to fund North Korea’s weapons program. North Korean hackers continue to make no signs of slowing their ongoing efforts. Moreover, the North Korean regime has very little to lose from international sanctions.