North Korean hackers have allegedly stolen over $1 billion in cryptocurrency in recent years through a sophisticated scheme involving impersonation. The hackers pose as venture capitalists, tech support staff, and recruiters to gain access to victims’ systems and steal their digital assets.
During the Cyberwarcon conference in Washington, D.C., Microsoft Threat Intelligence researchers presented findings revealing that the North Korean regime has “successfully built computer network exploitation capability,” enabling its threat actors to “steal billions of dollars in cryptocurrency.”
According to TechCrunch, investigators found that North Korean operatives have stolen a significant amount of cryptocurrency over the past decade while evading international sanctions. The proceeds were allegedly used to fund the country’s nuclear weapons program.
Researchers at the Cyberwarcon conference identified two North Korean hacking groups, known as “Ruby Sleet” and “Sapphire Sleet.” Ruby Sleet has been specifically targeting aerospace and defense companies, seeking to exfiltrate sensitive industry data that could aid in advancing North Korea’s weapons and navigation systems.
The Sapphire Sleet hacking group, meanwhile, posed as recruiters and venture capitalists in sophisticated campaigns designed to steal cryptocurrency from individuals and companies. Once the hackers made contact with their targets, they used one of two tactics to deceive them.
Hackers posing as recruiters would instruct their targets to download and complete a skills assessment that contained malware. Hackers posing as venture capitalists would instead arrange a virtual meeting with their targets.
The virtual meeting was designed to malfunction, producing technical issues that prompted the victim to download malware disguised as a tool to resolve the issue. A legitimate video-conferencing service never requires a file supplied by the other party to fix audio or video problems, so any such request should be treated as a red flag.
Once the malware was installed, it gave the attackers access to the victim’s computer, including any cryptocurrency wallets on it. Microsoft reported that the hackers managed to steal at least $10 million in cryptocurrency during a six-month period.
North Korean Hackers and Malware
This is not the first time North Korean hackers have been linked to cryptocurrency thefts using malware. Earlier in November, SentinelLabs, the research arm of cybersecurity firm SentinelOne, uncovered a new malware campaign named “Hidden Risk.”
In that phishing campaign, the hackers sent emails containing links to what appeared to be PDF reports on topics such as “Hidden Risk Behind New Surge of Bitcoin Price” and “Altcoin Season 2.0 — The Hidden Gems to Watch.”
Microsoft suggested that organizations and individuals familiarize themselves with the Federal Bureau of Investigation’s (FBI) guidance on how to spot fake North Korean IT workers and similar impersonation schemes.
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.